VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 15 of 55
  • CVE-2017-7372HigJun 13, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.

  • CVE-2017-7368HigJun 13, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.

  • CVE-2015-9022HigJun 13, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.

  • CVE-2014-9966HigJun 13, 2017
    risk 0.46cvss 7.0epss 0.00

    In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.

  • CVE-2015-5232HigJun 7, 2017
    risk 0.46cvss 8.1epss 0.02

    Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.

  • CVE-2016-10297HigJun 6, 2017
    risk 0.46cvss 7.0epss 0.00

    In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.

  • CVE-2014-9941HigJun 6, 2017
    risk 0.46cvss 7.0epss 0.00

    In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.

  • CVE-2016-10242HigMay 16, 2017
    risk 0.46cvss 7.0epss 0.00

    A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.

  • CVE-2015-8997HigMay 16, 2017
    risk 0.46cvss 7.0epss 0.00

    In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.

  • CVE-2015-8996HigMay 16, 2017
    risk 0.46cvss 7.0epss 0.00

    In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.

  • CVE-2014-9936HigMay 16, 2017
    risk 0.46cvss 7.0epss 0.01

    In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.

  • CVE-2017-8244HigMay 12, 2017
    risk 0.46cvss 7.0epss 0.00

    In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow…

  • CVE-2017-0343HigMay 9, 2017
    risk 0.46cvss 7.0epss 0.00

    All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.

  • CVE-2017-8342HigApr 30, 2017
    risk 0.46cvss 8.1epss 0.02

    Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.

  • CVE-2017-0462HigApr 7, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2017-6874HigMar 14, 2017
    risk 0.46cvss 7.0epss 0.00

    Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes…

  • CVE-2017-2636HigMar 7, 2017
    risk 0.46cvss 7.0epss 0.01

    Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

  • CVE-2017-6408HigMar 2, 2017
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.

  • CVE-2017-6346HigMar 1, 2017
    risk 0.46cvss 7.0epss 0.00

    Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.

  • CVE-2017-6001HigFeb 18, 2017
    risk 0.46cvss 7.0epss 0.02

    Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists…