CVE-2023-53425
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
18/09/2025
Last modified:
14/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: platform: mediatek: vpu: fix NULL ptr dereference<br />
<br />
If pdev is NULL, then it is still dereferenced.<br />
<br />
This fixes this smatch warning:<br />
<br />
drivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer &#39;pdev&#39;
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.324 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.293 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.255 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.192 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.128 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.47 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.4.12 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/099e929e7477f37ca16738fc158d7101c0189ca1
- https://git.kernel.org/stable/c/1b3f25d3894a091abc247eadab266a2c9be64389
- https://git.kernel.org/stable/c/2caeb722f0ea5d2d24af30bb1753a89d449b6aa0
- https://git.kernel.org/stable/c/3df55cd773e8603b623425cc97b05e542854ad27
- https://git.kernel.org/stable/c/4d299e6e0ac3cf8ab4517dc29c9294bc4bf72398
- https://git.kernel.org/stable/c/776b34615a29551d69d82a0082e7319d5ea284bd
- https://git.kernel.org/stable/c/b7bd48f0be84e24d21aa3a8f59a8a9cb8633a1c4
- https://git.kernel.org/stable/c/c1c5826223ae05a48d21f6708c6f34ee9006238c