In the Linux kernel, the following vulnerability has been resolved:

pwm: lpc32xx: Remove handling of PWM channels

Because LPC32xx PWM controllers have only a single output which is
registered as the only PWM device/channel per controller, it is known in
advance that pwm->hwpwm value is always 0. On basis of this fact
simplify the code by removing operations with pwm->hwpwm, there is no
controls which require channel number as input.

Even though I wasn't aware at the time when I forward ported that patch,
this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL
before devm_pwmchip_add() is called.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/04301da4d87067a989f70ee56942bf9d97cd2a45 cve-icon cve-icon
https://git.kernel.org/stable/c/4aae44f65827f0213a7361cf9c32cfe06114473f cve-icon cve-icon
https://git.kernel.org/stable/c/523f6268e86552a048975749251184c4e9a4b38f cve-icon cve-icon
https://git.kernel.org/stable/c/5e22217c11424ef958ba28d03ff7167b4d7a8914 cve-icon cve-icon
https://git.kernel.org/stable/c/a2d9d884e84bfd37892219b1f55847f36d8e9901 cve-icon cve-icon
https://git.kernel.org/stable/c/a9a505f5b39d8fff1a55963a5e524c84639e98b2 cve-icon cve-icon
https://git.kernel.org/stable/c/abd9b2ee4047ccd980decbf26d61f9637604b1d5 cve-icon cve-icon
https://git.kernel.org/stable/c/e3a0ddbaf7f1f9ffc070718b417461ced3268758 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100110-CVE-2023-53472-93cb@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-53472 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-53472 cve-icon
History

Thu, 02 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 01 Oct 2025 12:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm value is always 0. On basis of this fact simplify the code by removing operations with pwm->hwpwm, there is no controls which require channel number as input. Even though I wasn't aware at the time when I forward ported that patch, this fixes a null pointer dereference as lpc32xx->chip.pwms is NULL before devm_pwmchip_add() is called.
Title pwm: lpc32xx: Remove handling of PWM channels
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-10-01T11:42:41.951Z

Reserved: 2025-10-01T11:39:39.401Z

Link: CVE-2023-53472

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-01T12:15:49.420

Modified: 2025-10-01T12:15:49.420

Link: CVE-2023-53472

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-10-01T00:00:00Z

Links: CVE-2023-53472 - Bugzilla

cve-icon OpenCVE Enrichment

No data.