
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-53612 affects platform device handling in the Linux kernel's coretemp driver, part of the hwmon subsystem. The issue lies in the driver's unconventional implementation of that handling (NVD).
The vulnerability stems from error-prone logic in dynamically creating and destroying platform devices. The driver assumes platform_device_add() will synchronously bind the driver and set drvdata before returning, which can result in a NULL dereference if drivers_autoprobe is turned off for the platform bus. Additionally, the implementation causes lockdep issues for other drivers or subsystems attempting to register a CPU hotplug notifier from a platform bus notifier (NVD).
The vulnerability affects the functionality of the coretemp driver in the Linux kernel. When exploited, it can lead to NULL pointer dereferences and potential system instability. The fix also brings a user-visible change: /sys/bus/platform/drivers/coretemp no longer appears, and /sys/devices/platform/coretemp.n remains present if package n is hotplugged off (NVD).
The vulnerability has been resolved by simplifying the platform device handling. The fix involves tying the platform devices to the lifetime of the module itself and directly managing the hwmon interfaces from the hotplug notifiers. While this changes some system behavior, hwmon users should continue to look for the presence of hwmon interfaces, whose behavior remains unchanged (NVD).
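The sysfs conditions described above can be checked on a host with a short script. This is an added example, not code from NVD or the kernel project; the function names and state labels are hypothetical, and it assumes coretemp appears under /sys/module/coretemp when it is loaded or built in.

```shell
#!/bin/sh
# Added example: classify a sysfs tree against the conditions described
# for CVE-2023-53612. Heuristic only; the state labels are made up here.

# coretemp_state [SYSFS_ROOT] -> prints one state word
coretemp_state() {
    root=${1:-/sys}
    # Assumption: no module entry means the driver is not present.
    [ -d "$root/module/coretemp" ] || { echo "absent"; return 0; }
    # With the fix, the platform driver directory no longer appears.
    if [ ! -d "$root/bus/platform/drivers/coretemp" ]; then
        echo "fixed-layout"
        return 0
    fi
    # Legacy layout: the NULL dereference needs autoprobe off on the platform bus.
    autoprobe=$(cat "$root/bus/platform/drivers_autoprobe" 2>/dev/null || echo "?")
    case "$autoprobe" in
        0) echo "legacy-autoprobe-off" ;;
        1) echo "legacy-autoprobe-on" ;;
        *) echo "legacy-autoprobe-unknown" ;;
    esac
}

# hwmon_coretemp_count [SYSFS_ROOT] -> number of hwmon interfaces named coretemp.
# These are what monitoring should key on; their behavior is unchanged by the fix.
hwmon_coretemp_count() {
    root=${1:-/sys}
    n=0
    for f in "$root"/class/hwmon/hwmon*/name; do
        [ -f "$f" ] || continue
        if [ "$(cat "$f")" = "coretemp" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample tree (not real host data): legacy layout, autoprobe off.
demo=$(mktemp -d)
mkdir -p "$demo/module/coretemp" "$demo/bus/platform/drivers/coretemp" \
         "$demo/class/hwmon/hwmon0"
echo 0 > "$demo/bus/platform/drivers_autoprobe"
echo coretemp > "$demo/class/hwmon/hwmon0/name"
echo "sample: $(coretemp_state "$demo"), hwmon: $(hwmon_coretemp_count "$demo")"
rm -rf "$demo"
```

Calling `coretemp_state` with no argument inspects the live /sys tree. A `legacy-autoprobe-off` result matches the NULL dereference precondition named above and marks the host as a priority for a kernel update.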
Source: This report was generated using AI