Array Out-of-Bounds Vulnerability in MediaTek Video Codec on Linux Kernel
CVE-2023-53748

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 December 2025

What is CVE-2023-53748?

A vulnerability exists in the MediaTek video codec within the Linux kernel that allows user-supplied values to potentially lead to array out-of-bounds access during the queue setup process. The variable *nplanes, which is provided via a system call, can be set to a value beyond the expected range, causing potential memory access violations. This issue arises when the number of planes specified exceeds the allowed values of 1-3, while *nplanes can take values from 1 to 8. A fix has been implemented to validate *nplanes against the permissible array size, thereby enhancing overall system security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 48e4e06e2c5fe1fda283d499f91492eda2248bb9

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8fbcf730cb89c3647f3365226fe7014118fa93c7

References

https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f...

https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b646...

https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Dec 8, 2025

JSON