CVE-2023-53748
BaseFortify
Publication date: 2025-12-08
Last updated on: 2025-12-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | vcodec | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential array out-of-bounds issue in the MediaTek video codec driver in the Linux kernel. It occurs because a variable representing the number of planes (*nplanes) is provided by the user and can have a value between 1 and 8, while the expected number of planes in the format is between 1 and 3. This mismatch can cause the code to access an array beyond its valid range, leading to undefined behavior or crashes. The issue was fixed by adding a check to ensure *nplanes does not exceed the array size.
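Added example, not the kernel driver's own code: a user-space C model of the bounds check described above. The struct, function and macro names are hypothetical; only the two ranges (1 to 8 from the caller, 1 to 3 in the format) come from the description.

```c
#include <errno.h>
#include <stdio.h>

#define FMT_MAX_PLANES  3   /* format describes 1..3 planes (from the page) */
#define USER_MAX_PLANES 8   /* caller may pass 1..8 planes (from the page) */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-in for the driver's per-queue format data. */
struct model_q_data {
    unsigned int num_planes;                 /* 1..FMT_MAX_PLANES */
    unsigned int sizeimage[FMT_MAX_PLANES];  /* minimum bytes per plane */
};

/*
 * Validate caller-supplied plane sizes against the format.
 * Without the ARRAY_LEN check, the loop below would read
 * sizeimage[3]..sizeimage[7] when the caller passes *nplanes == 8.
 */
int model_queue_setup(const struct model_q_data *q,
                      const unsigned int *nplanes,
                      const unsigned int sizes[USER_MAX_PLANES])
{
    unsigned int i;

    if (*nplanes < 1 || *nplanes > USER_MAX_PLANES)
        return -EINVAL;
    /* The fix in model form: the count must fit the array it indexes. */
    if (*nplanes > ARRAY_LEN(q->sizeimage))
        return -EINVAL;

    for (i = 0; i < *nplanes; i++) {
        if (sizes[i] < q->sizeimage[i])
            return -EINVAL;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a two-plane format and a caller asking for 8. */
    struct model_q_data q = { 2, { 4096, 2048, 0 } };
    unsigned int sizes[USER_MAX_PLANES] = { 4096, 2048 };
    unsigned int n = 8;

    printf("nplanes=8 -> %d\n", model_queue_setup(&q, &n, sizes));
    n = 2;
    printf("nplanes=2 -> %d\n", model_queue_setup(&q, &n, sizes));
    return 0;
}
```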
How can this vulnerability impact me?
This vulnerability can lead to out-of-bounds memory access in the Linux kernel's MediaTek video codec driver, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited. The impact depends on whether the vulnerable driver is used and if an attacker can supply crafted input to trigger the issue.