CVE-2023-53472
BaseFortify
Publication date: 2025-10-01
Last updated on: 2026-01-20
Assigner: kernel.org
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 4.9.284 (inc) to 4.10 (exc) |
| linux | linux_kernel | From 4.14.248 (inc) to 4.14.326 (exc) |
| linux | linux_kernel | From 4.19.208 (inc) to 4.19.295 (exc) |
| linux | linux_kernel | From 5.4.149 (inc) to 5.4.257 (exc) |
| linux | linux_kernel | From 5.10.69 (inc) to 5.10.195 (exc) |
| linux | linux_kernel | From 5.14.8 (inc) to 5.15.132 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.54 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the Linux kernel's PWM driver for LPC32xx (pwm: lpc32xx). The issue arises because the PWM controller for LPC32xx has only a single output channel, and the code incorrectly handled multiple channels. The fix simplified the code by removing operations related to channel numbers, which prevents the null pointer dereference that occurred before the PWM chip was properly added.
How can this vulnerability impact me?
The null pointer dereference could cause the Linux kernel to crash or behave unpredictably when handling PWM operations on LPC32xx hardware, potentially leading to system instability or denial of service.