{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31522", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.110Z", "datePublished": "2026-04-22T13:54:36.885Z", "dateUpdated": "2026-05-11T22:10:25.458Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:10:25.458Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it *is* permitted to return a sub-portion of the input\nrdesc, whose lifetime is managed by the caller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-magicmouse.c"], "versions": [{"version": "e6ad399596bd234be4722022146e33e15c7e424d", "lessThan": "579c4c9857acdc8380fa99803f355f878bd766cb", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "d84c21aabaab517b9aaf9bc1d785922cb9db2f31", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "7edfe4346b052b708645d0acc0f186425766b785", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "79e5dcc95d9abed6f8203cfd529f4ec71f0e505d", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "136f605e246b4bfe7ac2259471d1ff814aed0084", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "fa95b0146358b49f9858139b67314591fd5871b0", "status": "affected", "versionType": "git"}, {"version": "0b91b4e4dae63cd43871fc2012370b86ee588f91", "lessThan": "91e8c6e601bdc1ccdf886479b6513c01c7e51c2c", "status": "affected", "versionType": "git"}, {"version": "c394bd1bc8537e61593b6b6799e01495c7cf9008", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hid/hid-magicmouse.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.21", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.11", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.17", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.18.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "6.19.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.17", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb"}, {"url": "https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31"}, {"url": "https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785"}, {"url": "https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d"}, {"url": "https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084"}, {"url": "https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0"}, {"url": "https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c"}], "title": "HID: magicmouse: avoid memory leak in magicmouse_report_fixup()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA3AB8BC-6A05-41D5-B4AC-D91E87648E18", "versionEndExcluding": "5.15.203", "versionStartIncluding": "5.15.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7532EA4E-6958-4B4C-8270-4601DA8D95B6", "versionEndExcluding": "5.17", "versionStartIncluding": "5.16.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC7ECFB-6178-47EB-B821-2568DE6BFF85", "versionEndExcluding": "6.1.168", "versionStartIncluding": "5.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE6ED4D4-0046-4573-BFA9-D64143B6A89F", "versionEndExcluding": "6.6.131", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6", "versionEndExcluding": "6.12.80", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED39847A-3B46-4729-B7CA-B2C30B9FA8FE", "versionEndExcluding": "6.18.21", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CA2E747-A9EC-4518-9AA2-B4247FC748B7", "versionEndExcluding": "6.19.11", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: avoid memory leak in magicmouse_report_fixup()\n\nThe magicmouse_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it *is* permitted to return a sub-portion of the input\nrdesc, whose lifetime is managed by the caller."}], "id": "CVE-2026-31522", "lastModified": "2026-04-28T18:21:16.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-22T14:16:52.100", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/136f605e246b4bfe7ac2259471d1ff814aed0084"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/579c4c9857acdc8380fa99803f355f878bd766cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/79e5dcc95d9abed6f8203cfd529f4ec71f0e505d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7edfe4346b052b708645d0acc0f186425766b785"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91e8c6e601bdc1ccdf886479b6513c01c7e51c2c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d84c21aabaab517b9aaf9bc1d785922cb9db2f31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fa95b0146358b49f9858139b67314591fd5871b0"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: HID: magicmouse: avoid memory leak in magicmouse_report_fixup()", "id": "2460655", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460655"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's HID magicmouse driver. The `magicmouse_report_fixup()` function, responsible for fixing report descriptors, allocates a new memory buffer but fails to free it. This memory leak can accumulate over time, potentially allowing a local attacker to exhaust system resources and cause a Denial of Service (DoS)."], "name": "CVE-2026-31522", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31522\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31522\nhttps://lore.kernel.org/linux-cve-announce/2026042212-CVE-2026-31522-b576@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,579c4c9857acdc8380fa99803f355f878bd766cb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d84c21aabaab517b9aaf9bc1d785922cb9db2f31)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7edfe4346b052b708645d0acc0f186425766b785)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,79e5dcc95d9abed6f8203cfd529f4ec71f0e505d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,136f605e246b4bfe7ac2259471d1ff814aed0084)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,fa95b0146358b49f9858139b67314591fd5871b0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,91e8c6e601bdc1ccdf886479b6513c01c7e51c2c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.131,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.80,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.21,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.11,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T03:20:29.049350+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the patch resolving the magicmouse_report_fixup memory leak, ensuring the commit that deletes the allocation is present.", "If an immediate kernel upgrade is not possible, consider disabling the magicmouse HID driver in the kernel configuration or preventing physical connection of magicmouse devices to reduce repeat allocation cycles.", "Monitor system memory usage for abnormal growth patterns that could indicate the leak has not been fully mitigated."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via Memory Leak"}, "threat_synthesis": {"affected_systems": "All Linux kernel users are potentially affected, since the vendor list identifies Linux kernels broadly and no specific version range is noted. The issue exists in any kernel build prior to the inclusion of the patch that addresses the leak in magicmouse_report_fixup().", "description_and_impact": "The vulnerability arises when the magicmouse_report_fixup() function in the Linux kernel allocates a buffer with kmemdup() but never frees it. As a result, each invocation that triggers the function creates a memory leak. Repeated use of the magicmouse HID device can accumulate unreclaimed memory until the system exhausts available memory resources, potentially causing system slowdown or crashes\u2014an indirect denial\u2011of\u2011service condition. The underlying weakness is a classic memory\u2011leak defect.", "risk_and_exploitability": "The risk is elevated because each use of the magicmouse HID can increase memory consumption. The EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Affected systems that allow continuous HID magicmouse activity\u2014such as kiosk machines or routers exposing USB ports\u2014should be promptly updated. The CVSS score is 5.5."}}}}, "created": "2026-04-22T21:15:27.400568+00:00", "updated": "2026-04-29T03:30:15.937964+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}