CVE-2023-53748 — Linux vulnerability

6 documents5 sources

Severity

—N/A

No vector

EPSS

0.0%

top 90.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 8

Description

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds. Fix this bug by checking *nplanes against the array size.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.10.0 — 6.1.30+1

▶Debianlinux/linux_kernel< 6.1.37-1+2

▶CVEListV5linux/linux590577a4e5257ac3ed72999a94666ad6ba8f24bc — 48e4e06e2c5fe1fda283d499f91492eda2248bb9+3

▶debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-5682-9vmg-wm34: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup↗2025-12-08

▶

OSV

CVE-2023-53748: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup↗2025-12-08

▶

OSV

media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup↗2025-12-08

▶

📋Vendor Advisories

Red Hat

kernel: media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup↗2025-12-08

▶

Debian

CVE-2023-53748: linux - In the Linux kernel, the following vulnerability has been resolved: media: medi...↗2023

▶