VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 14 of 55
  • CVE-2017-9703HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.

  • CVE-2017-11049HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow.

  • CVE-2017-11045HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.

  • CVE-2017-11044HigDec 5, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.

  • CVE-2017-11025HigNov 16, 2017
    risk 0.46cvss 7.0epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.

  • CVE-2017-15265HigOct 16, 2017
    risk 0.46cvss 7.0epss 0.00

    Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and…

  • CVE-2017-9697HigOct 10, 2017
    risk 0.46cvss 7.0epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.

  • CVE-2015-8239HigOct 10, 2017
    risk 0.46cvss 7.0epss 0.01

    The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

  • CVE-2017-8280HigSep 21, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.

  • CVE-2017-12146HigSep 8, 2017
    risk 0.46cvss 7.0epss 0.00

    The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.

  • CVE-2015-5948HigSep 6, 2017
    risk 0.46cvss 8.1epss 0.04

    Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.

  • CVE-2015-5947HigSep 6, 2017
    risk 0.46cvss 8.1epss 0.03

    SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.

  • CVE-2017-9684HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

  • CVE-2017-8270HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

  • CVE-2017-8267HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.

  • CVE-2017-8266HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

  • CVE-2017-8265HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

  • CVE-2017-8262HigAug 18, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.

  • CVE-2015-7543HigJul 25, 2017
    risk 0.46cvss 7.0epss 0.00

    aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

  • CVE-2014-7953HigJul 7, 2017
    risk 0.46cvss 7.0epss 0.00

    Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script…