CVE-2023-53748 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9
https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226fe7014118fa93c7
https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b64674187dcf6d1db51

History

Mon, 08 Dec 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size.
Title		media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9 https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226fe7014118fa93c7 https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b64674187dcf6d1db51

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-08T01:19:07.318Z

Updated: 2025-12-08T01:19:07.318Z

Reserved: 2025-12-08T01:18:04.279Z

Link: CVE-2023-53748

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-08T02:15:50.200

Modified: 2025-12-08T18:26:19.900

Link: CVE-2023-53748

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-53748", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-08T01:18:04.279Z", "datePublished": "2025-12-08T01:19:07.318Z", "dateUpdated": "2025-12-08T01:19:07.318Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-08T01:19:07.318Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup\n\nvariable *nplanes is provided by user via system call argument. The\npossible value of q_data->fmt->num_planes is 1-3, while the value\nof *nplanes can be 1-8. The array access by index i can cause array\nout-of-bounds.\n\nFix this bug by checking *nplanes against the array size."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "48e4e06e2c5fe1fda283d499f91492eda2248bb9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "b8e19bf3b4aebd855be01b64674187dcf6d1db51", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "8fbcf730cb89c3647f3365226fe7014118fa93c7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/media/platform/mediatek/vcodec/mtk_vcodec_dec.c"], "versions": [{"version": "6.1.30", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.3.4", "lessThanOrEqual": "6.3.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.4", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.1.30"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.3.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f91492eda2248bb9"}, {"url": "https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b64674187dcf6d1db51"}, {"url": "https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226fe7014118fa93c7"}], "title": "media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup", "x_generator": {"engine": "bippy-1.2.0"}}}}