VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 12 of 55
  • CVE-2018-5905HigSep 19, 2018
    risk 0.46cvss 7.0epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.

  • CVE-2018-11818HigSep 18, 2018
    risk 0.46cvss 7.0epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race…

  • CVE-2018-5859HigJul 6, 2018
    risk 0.46cvss 7.0epss 0.00

    Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.

  • CVE-2018-5853HigJul 6, 2018
    risk 0.46cvss 7.0epss 0.00

    A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.

  • CVE-2018-5832HigJul 6, 2018
    risk 0.46cvss 7.0epss 0.00

    Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur.

  • CVE-2017-15856HigJul 6, 2018
    risk 0.46cvss 7.0epss 0.00

    Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

  • CVE-2018-8025HigJun 27, 2018
    risk 0.46cvss 8.1epss 0.02

    CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a…

  • CVE-2018-12029HigJun 17, 2018
    risk 0.46cvss 7.0epss 0.00

    A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file…

  • CVE-2018-5849HigJun 12, 2018
    risk 0.46cvss 7.0epss 0.00

    Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.

  • CVE-2017-15843HigJun 12, 2018
    risk 0.46cvss 7.0epss 0.00

    Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2016-9077HigJun 11, 2018
    risk 0.46cvss 7.0epss 0.01

    Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50.

  • CVE-2018-4228HigJun 8, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages a race condition.

  • CVE-2018-5845HigJun 6, 2018
    risk 0.46cvss 7.0epss 0.00

    A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2018-6236HigMay 25, 2018
    risk 0.46cvss 7.0epss 0.00

    A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must…

  • CVE-2018-4167HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute…

  • CVE-2018-4166HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary…

  • CVE-2018-4158HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged…

  • CVE-2018-4157HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary…

  • CVE-2018-4156HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4155HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute…