CVE-2023-53472

pwm: lpc32xx: Remove handling of PWM channels

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is
registered as the only PWM device/channel per controller, it is known in
advance that pwm->hwpwm value is always 0. On basis of this fact
simplify the code by removing operations with pwm->hwpwm, there is no
controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch,
this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL
before devm_pwmchip_add() is called.

In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called.

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-10-01 CVE Reserved
2025-10-01 CVE Published
2025-10-02 CVE Updated
2026-02-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (15)

URL	Tag	Source
https://git.kernel.org/stable/c/bb4de81eb940e7027f37a6fd3b7ddcb4403deb56	Vuln. Introduced
https://git.kernel.org/stable/c/4459118977665f681017e1299933895d54b6e87b	Vuln. Introduced
https://git.kernel.org/stable/c/81e6b51709da162b94e40a445bb60856406beaa1	Vuln. Introduced
https://git.kernel.org/stable/c/322b70b522abe03cd59712bb47a72eddd835d19d	Vuln. Introduced
https://git.kernel.org/stable/c/3d2813fb17e5fd0d73c1d1442ca0192bde4af10e	Vuln. Introduced
https://git.kernel.org/stable/c/7fc2172ad4e701d3c6e7dcb7b2efd8df71d2417b	Vuln. Introduced
https://git.kernel.org/stable/c/1c90a357cef4219cb436e59cc7463888103e104b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/abd9b2ee4047ccd980decbf26d61f9637604b1d5	2023-09-23
https://git.kernel.org/stable/c/a9a505f5b39d8fff1a55963a5e524c84639e98b2	2023-09-23
https://git.kernel.org/stable/c/04301da4d87067a989f70ee56942bf9d97cd2a45	2023-09-23
https://git.kernel.org/stable/c/a2d9d884e84bfd37892219b1f55847f36d8e9901	2023-09-19
https://git.kernel.org/stable/c/5e22217c11424ef958ba28d03ff7167b4d7a8914	2023-09-19
https://git.kernel.org/stable/c/523f6268e86552a048975749251184c4e9a4b38f	2023-09-19
https://git.kernel.org/stable/c/e3a0ddbaf7f1f9ffc070718b417461ced3268758	2023-09-19
https://git.kernel.org/stable/c/4aae44f65827f0213a7361cf9c32cfe06114473f	2023-08-22

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.248 < 4.14.326 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.248 < 4.14.326"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.208 < 4.19.295 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.208 < 4.19.295"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.149 < 5.4.257 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.149 < 5.4.257"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.69 < 5.10.195 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.69 < 5.10.195"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.132 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.132"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.54"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.5.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.5.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.9.284 Search vendor "Linux" for product "Linux Kernel" and version "4.9.284"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14.8 Search vendor "Linux" for product "Linux Kernel" and version "5.14.8"		en		Affected