CVE-2023-54143

CVSS v2.0

5.5

Medium

Vector

AV:A/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A resource leak exists in the vdec msg queue init() function within the MediaTek VCodec component of the Linux kernel. Specifically, if allocation of msg queue->wdma addr fails, the function does not properly clean up resources before returning, leading to a memory leak. This occurs because the vdec msg queue deinit() function is bypassed in this error scenario. Additionally, two other error paths within the function also lacked proper resource cleanup. The issue is addressed by explicitly setting msg queue->wdma addr.size = 0 in error cases and redirecting error paths to mem alloc err.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2026-04207

CVE-2023-54143

SUSE-SU-2026:0278-1

SUSE-SU-2026:0281-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:0315-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

Affected Products

Linux Kernel

Mediatek Vdec

CVE-2023-54143

Weakness Enumeration

Related Identifiers

Affected Products

References · 1460