Array Out-of-Bounds Vulnerability in MediaTek Video Codec on Linux Kernel
CVE-2023-53748

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
8 December 2025

What is CVE-2023-53748?

A vulnerability exists in the MediaTek video codec within the Linux kernel that allows user-supplied values to potentially lead to array out-of-bounds access during the queue setup process. The variable *nplanes, which is provided via a system call, can be set to a value beyond the expected range, causing potential memory access violations. This issue arises when the number of planes specified exceeds the allowed values of 1-3, while *nplanes can take values from 1 to 8. A fix has been implemented to validate *nplanes against the permissible array size, thereby enhancing overall system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc < 48e4e06e2c5fe1fda283d499f91492eda2248bb9

Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc

Linux 590577a4e5257ac3ed72999a94666ad6ba8f24bc < 8fbcf730cb89c3647f3365226fe7014118fa93c7

References

https://git.kernel.org/stable/c/48e4e06e2c5fe1fda283d499f...
https://git.kernel.org/stable/c/b8e19bf3b4aebd855be01b646...
https://git.kernel.org/stable/c/8fbcf730cb89c3647f3365226...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.