0.0
NA
CVE-2023-53472
pwm: lpc32xx: Remove handling of PWM channels
Description

In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called.

INFO

Published Date :

Oct. 1, 2025, 12:15 p.m.

Last Modified :

Oct. 1, 2025, 12:15 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2023-53472 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

Solution
Remove code that handles PWM channels to fix a null pointer dereference.
  • Update the Linux kernel to the latest version.
  • Apply the patch for the PWM controller handling.
  • Remove operations involving pwm->hwpwm.
  • Ensure pwm->hwpwm is always 0.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-53472 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-53472 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-53472 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-53472 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Oct. 01, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called.
    Added Reference https://git.kernel.org/stable/c/04301da4d87067a989f70ee56942bf9d97cd2a45
    Added Reference https://git.kernel.org/stable/c/4aae44f65827f0213a7361cf9c32cfe06114473f
    Added Reference https://git.kernel.org/stable/c/523f6268e86552a048975749251184c4e9a4b38f
    Added Reference https://git.kernel.org/stable/c/5e22217c11424ef958ba28d03ff7167b4d7a8914
    Added Reference https://git.kernel.org/stable/c/a2d9d884e84bfd37892219b1f55847f36d8e9901
    Added Reference https://git.kernel.org/stable/c/a9a505f5b39d8fff1a55963a5e524c84639e98b2
    Added Reference https://git.kernel.org/stable/c/abd9b2ee4047ccd980decbf26d61f9637604b1d5
    Added Reference https://git.kernel.org/stable/c/e3a0ddbaf7f1f9ffc070718b417461ced3268758
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.