CVE-2023-53437

low-risk
Published 2025-09-18

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (8)

Patch https://git.kernel.org/stable/c/11196ee3916e50a5da3c1e6ecda19a02dca14ba3
Patch https://git.kernel.org/stable/c/1a76cfc388cf105d3e04ac592670a52a3864b1ba
Patch https://git.kernel.org/stable/c/2914259fcea23971c6fed8b2618d3a729a78c365
Patch https://git.kernel.org/stable/c/31a8d11d28b57656cebfbd4c0b8b76f6ad5b017d
Patch https://git.kernel.org/stable/c/41ddb251c68ac75c101d3a50a68c4629c9055e4c
Patch https://git.kernel.org/stable/c/4e4e6ca62e77539d4df8d13137e2683b10baddd9
Patch https://git.kernel.org/stable/c/c8f4a424af5879baefb0fb8a8a09b09ea1779483
Patch https://git.kernel.org/stable/c/d8aa2e1ae6426d7cbddf1735aed1a63ddf0e6909
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal