CVE-2023-54143
Resource Leak in Linux Media Mediatek Vcodec vdec_msg_queue_init
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | vcodec | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a resource leak in the Linux kernel's MediaTek video codec driver (vcodec). Specifically, in the function vdec_msg_queue_init(), if an error occurs during initialization, certain allocated resources are not properly cleaned up. Normally, the cleanup is handled in vdec_msg_queue_deinit(), but if the first allocation fails, this cleanup function does nothing, leading to resource leaks. The fix involves explicitly setting the size to zero and ensuring all error paths properly clean up resources.
How can this vulnerability impact me? :
The vulnerability can lead to resource leaks in the MediaTek video codec driver within the Linux kernel. Resource leaks may cause increased memory usage or other resource exhaustion issues, potentially leading to degraded system performance or instability.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the Linux kernel version that includes the fix for the resource leaks in vdec_msg_queue_init() in the mediatek vcodec driver. Specifically, ensure that error paths in vdec_msg_queue_init() properly set msg_queue->wdma_addr.size to zero or clean up resources by going to mem_alloc_err, as described in the fix. If an updated kernel is not available, consider disabling or restricting use of the affected mediatek vcodec functionality until a fix can be applied.