5.5

CVE-2026-31520

HID: apple: avoid memory leak in apple_report_fixup()

In the Linux kernel, the following vulnerability has been resolved:

HID: apple: avoid memory leak in apple_report_fixup()

The apple_report_fixup() function was returning a
newly kmemdup()-allocated buffer, but never freeing it.

The caller of report_fixup() does not take ownership of the returned
pointer, but it *is* permitted to return a sub-portion of the input
rdesc, whose lifetime is managed by the caller.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.17 < 6.1.168
LinuxLinux Kernel Version >= 6.2 < 6.6.131
LinuxLinux Kernel Version >= 6.7 < 6.12.80
LinuxLinux Kernel Version >= 6.13 < 6.18.21
LinuxLinux Kernel Version >= 6.19 < 6.19.11
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613
Patch
https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884
Patch
https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624
Patch
https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1
Patch
https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5
Patch
https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4
Patch