CVE-2023-53437

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Handle cameras with invalid descriptors

If the source entity does not contain any pads, do not create a link.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6d30cf81ee3c0368175f76c03120af5d81e0c639 < c8f4a424af5879baefb0fb8a8a09b09ea1779483affected
LinuxLinuxb4759a52b8940dbbfc565c918a3893ecaeb5b134 < 2914259fcea23971c6fed8b2618d3a729a78c365affected
LinuxLinuxaa1362606059ade437a901fe7c33b24901683c14 < 4e4e6ca62e77539d4df8d13137e2683b10baddd9affected
LinuxLinuxcc52ed14f5ca849ef81e6a6bc4beea6dc43514d0 < d8aa2e1ae6426d7cbddf1735aed1a63ddf0e6909affected
LinuxLinux7532dad6634031d083df7af606fac655b8d08b5c < 31a8d11d28b57656cebfbd4c0b8b76f6ad5b017daffected
LinuxLinux7532dad6634031d083df7af606fac655b8d08b5c < 11196ee3916e50a5da3c1e6ecda19a02dca14ba3affected
LinuxLinux7532dad6634031d083df7af606fac655b8d08b5c < 1a76cfc388cf105d3e04ac592670a52a3864b1baaffected
LinuxLinux7532dad6634031d083df7af606fac655b8d08b5c < 41ddb251c68ac75c101d3a50a68c4629c9055e4caffected
LinuxLinux9bf5da0d0fcca080b2254a30fa4b8ed47a96a0d0affected
LinuxLinuxd920b0940a0b2c0671e5a69ed3b3fe3a3a50b970affected
LinuxLinuxb950d6d8f4d7c78c9e5d08b61a66387c0b61f924affected
LinuxLinux4.14.224 < 4.14.308affected
LinuxLinux4.19.179 < 4.19.276affected
LinuxLinux5.4.103 < 5.4.235affected
LinuxLinux5.10.21 < 5.10.173affected
LinuxLinux4.4.260 < 4.5affected
LinuxLinux4.9.260 < 4.10affected
LinuxLinux5.11.4 < 5.12affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux4.14.308 <= 4.14.*unaffected
LinuxLinux4.19.276 <= 4.19.*unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.100 <= 5.15.*unaffected
LinuxLinux6.1.18 <= 6.1.*unaffected
LinuxLinux6.2.5 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References