CVE-2026-31522 PUBLISHED

HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

Assigner: Linux
Reserved: 09.03.2026 Published: 22.04.2026 Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

The magicmouse_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned pointer, but it is permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 579c4c9857acdc8380fa99803f355f878bd766cb (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to d84c21aabaab517b9aaf9bc1d785922cb9db2f31 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 7edfe4346b052b708645d0acc0f186425766b785 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 79e5dcc95d9abed6f8203cfd529f4ec71f0e505d (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 136f605e246b4bfe7ac2259471d1ff814aed0084 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to fa95b0146358b49f9858139b67314591fd5871b0 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 91e8c6e601bdc1ccdf886479b6513c01c7e51c2c (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 5.15.203 to 5.15.* (incl.)
  • unaffected from 6.1.168 to 6.1.* (incl.)
  • unaffected from 6.6.131 to 6.6.* (incl.)
  • unaffected from 6.12.80 to 6.12.* (incl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References