CVE-2023-54143
Unknown Unknown - Not Provided
Resource Leak in Linux Media Mediatek Vcodec vdec_msg_queue_init

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init() If we encounter any error in the vdec_msg_queue_init() then we need to set "msg_queue->wdma_addr.size = 0;". Normally, this is done inside the vdec_msg_queue_deinit() function. However, if the first call to allocate &msg_queue->wdma_addr fails, then the vdec_msg_queue_deinit() function is a no-op. For that situation, just set the size to zero explicitly and return. There were two other error paths which did not clean up before returning. Change those error paths to goto mem_alloc_err.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54143
EUVD
EUVD-2023-60302
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mediatek vcodec *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a resource leak in the Linux kernel's MediaTek video codec driver (vcodec). Specifically, in the function vdec_msg_queue_init(), if an error occurs during initialization, certain allocated resources are not properly cleaned up. Normally, the cleanup is handled in vdec_msg_queue_deinit(), but if the first allocation fails, this cleanup function does nothing, leading to resource leaks. The fix involves explicitly setting the size to zero and ensuring all error paths properly clean up resources.

Impact Analysis

The vulnerability can lead to resource leaks in the MediaTek video codec driver within the Linux kernel. Resource leaks may cause increased memory usage or other resource exhaustion issues, potentially leading to degraded system performance or instability.

Mitigation Strategies

Apply the patch or update to the Linux kernel version that includes the fix for the resource leaks in vdec_msg_queue_init() in the mediatek vcodec driver. Specifically, ensure that error paths in vdec_msg_queue_init() properly set msg_queue->wdma_addr.size to zero or clean up resources by going to mem_alloc_err, as described in the fix. If an updated kernel is not available, consider disabling or restricting use of the affected mediatek vcodec functionality until a fix can be applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart