CVE-2023-53437

MEDIUMNVD 5.55.5—

5.5

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Handle cameras with invalid descriptors

If the source entity does not contain any pads, do not create a link.

CVSS v3: 5.5
EG Score: 5.5(medium)
EPSS: 3.3%
KEV: Not listed

Published

September 18, 2025

Last Modified

January 14, 2026

References (8)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/11196ee3916e50a5da3c1e6ecda19a02dca14ba3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1a76cfc388cf105d3e04ac592670a52a3864b1ba
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2914259fcea23971c6fed8b2618d3a729a78c365
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/31a8d11d28b57656cebfbd4c0b8b76f6ad5b017d
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/41ddb251c68ac75c101d3a50a68c4629c9055e4c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4e4e6ca62e77539d4df8d13137e2683b10baddd9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c8f4a424af5879baefb0fb8a8a09b09ea1779483
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d8aa2e1ae6426d7cbddf1735aed1a63ddf0e6909

Vendor Advisories for CVE-2023-53437(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

RHSA-2023:7077
Red Hat Product SecurityHigh
Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Patch Availability(2)

Vendor / Ecosystem	Fixed in / Patch	Released	Source
redhat	kernel-0:4.18.0-513.5.1.el8_9	2023-11-14	redhat
redhat	kernel-0:5.14.0-362.8.1.el9_3	2023-11-07	redhat

Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.

Additional Vendor Advisories

(1)

Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.

Red HatRHSA-2023:6583MODERATE2025-09-18
RHSA-2023:6583 — Moderate

Data Freshness Timeline

(refreshed 10× in last 7d / 40× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

2026-06-21 14:55 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-18 17:51 UTCEPSS rescore
2026-06-18 02:14 UTCOSV refresh
2026-06-17 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-16 17:51 UTCEPSS rescore
2026-06-15 17:47 UTCEPSS rescore
2026-06-14 23:16 UTCEPSS rescore
2026-06-13 22:59 UTCEPSS rescore
2026-06-13 22:59 UTCEPSS rescore
2026-06-12 23:11 UTCEPSS rescore
2026-06-11 13:59 UTCEPSS rescore
2026-06-10 22:17 UTCEPSS rescore
2026-06-10 13:21 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-08 14:16 UTCEPSS rescore
2026-06-07 15:24 UTCEPSS rescore
2026-06-07 15:24 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-06 13:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore
2026-06-05 22:46 UTCEPSS rescore

Show 15 more

2026-06-05 06:09 UTCEPSS rescore
2026-06-05 06:09 UTCEPSS rescore
2026-06-04 13:11 UTCEPSS rescore
2026-06-04 13:11 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-02 20:12 UTCEPSS rescore
2026-06-01 13:51 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 22:30 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-31 00:15 UTCEPSS rescore
2026-05-29 22:16 UTCEG score recompute
2026-05-29 22:16 UTCVendor advisory
2026-05-29 22:16 UTCGHSA enrichment
2026-05-29 13:43 UTCEPSS rescore

Frequently asked(5)

What is CVE-2023-53437?

CVE-2023-53437 is a medium vulnerability published on September 18, 2025. In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Handle cameras with invalid descriptors If the source entity does not contain any pads, do not create a link.

When was CVE-2023-53437 disclosed?

CVE-2023-53437 was first published in the National Vulnerability Database on September 18, 2025, with the most recent update on January 14, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2023-53437 actively exploited?

CVE-2023-53437 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 3.3% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

What is the CVSS score of CVE-2023-53437?

CVE-2023-53437 has a CVSS v3 base score of 5.5 (NVD).

How do I remediate CVE-2023-53437?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-53437, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2023-53437

Explore →

Is Your Infrastructure Affected by CVE-2023-53437?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2023-53437

📅 Published

🔄 Last Modified

🔗 References (8)

📣 Vendor Advisories for CVE-2023-53437(1)