VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 13 of 55
  • CVE-2018-4154HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4152HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-4151HigApr 3, 2018
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

  • CVE-2018-8885HigMar 28, 2018
    risk 0.46cvss 7.0epss 0.00

    screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a…

  • CVE-2018-3561HigMar 16, 2018
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition.

  • CVE-2017-15834HigMar 16, 2018
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.

  • CVE-2017-11082HigMar 16, 2018
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file…

  • CVE-2017-6296HigMar 6, 2018
    risk 0.46cvss 7.0epss 0.00

    NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate.

  • CVE-2018-7249HigFeb 26, 2018
    risk 0.46cvss 7.0epss 0.02

    An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free.…

  • CVE-2017-15829HigFeb 23, 2018
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.

  • CVE-2018-7441HigFeb 23, 2018
    risk 0.46cvss 7.0epss 0.00

    Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.

  • CVE-2017-1000503HigJan 24, 2018
    risk 0.46cvss 8.1epss 0.01

    A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple…

  • CVE-2017-13183HigJan 12, 2018
    risk 0.46cvss 7.0epss 0.00

    In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a…

  • CVE-2017-15847HigJan 10, 2018
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel.

  • CVE-2014-4995HigJan 10, 2018
    risk 0.46cvss 7.0epss 0.00

    Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.

  • CVE-2017-18018HigJan 4, 2018
    risk 0.46cvss 7.1epss 0.00

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

  • CVE-2017-17712HigDec 16, 2017
    risk 0.46cvss 7.0epss 0.00

    The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

  • CVE-2017-14902HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.

  • CVE-2017-9718HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.

  • CVE-2017-9708HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function…