CVE-2023-53472
pwm: lpc32xx: Remove handling of PWM channels
Description
In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called.
INFO
Published Date :
Oct. 1, 2025, 12:15 p.m.
Last Modified :
Oct. 2, 2025, 7:12 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel to the latest version.
- Apply the patch for the PWM controller handling.
- Remove operations involving pwm->hwpwm.
- Ensure pwm->hwpwm is always 0.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-53472.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-53472 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-53472
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-53472 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-53472 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 01, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called. Added Reference https://git.kernel.org/stable/c/04301da4d87067a989f70ee56942bf9d97cd2a45 Added Reference https://git.kernel.org/stable/c/4aae44f65827f0213a7361cf9c32cfe06114473f Added Reference https://git.kernel.org/stable/c/523f6268e86552a048975749251184c4e9a4b38f Added Reference https://git.kernel.org/stable/c/5e22217c11424ef958ba28d03ff7167b4d7a8914 Added Reference https://git.kernel.org/stable/c/a2d9d884e84bfd37892219b1f55847f36d8e9901 Added Reference https://git.kernel.org/stable/c/a9a505f5b39d8fff1a55963a5e524c84639e98b2 Added Reference https://git.kernel.org/stable/c/abd9b2ee4047ccd980decbf26d61f9637604b1d5 Added Reference https://git.kernel.org/stable/c/e3a0ddbaf7f1f9ffc070718b417461ced3268758