Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026
CVE-2023-53748
CVE-2023-53748
Description
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
variable *nplanes is provided by user via system call argument. The possible value of q_data->fmt->num_planes is 1-3, while the value of *nplanes can be 1-8. The array access by index i can cause array out-of-bounds.
Fix this bug by checking *nplanes against the array size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords9 versionspkg:linux/kernelpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_76&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
>= 4.10.0, < 6.1.30+ 8 more
- (no CPE)range: >= 4.10.0, < 6.1.30
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 4.12.14-122.290.1
- (no CPE)range: < 1-8.7.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.