CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 15 of 55| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7372 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | ||
| CVE-2017-7368 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. | ||
| CVE-2015-9022 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | ||
| CVE-2014-9966 | Hig | 0.46 | 7.0 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. | ||
| CVE-2015-5232 | Hig | 0.46 | 8.1 | 0.02 | Jun 7, 2017 | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | ||
| CVE-2016-10297 | Hig | 0.46 | 7.0 | 0.00 | Jun 6, 2017 | In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | ||
| CVE-2014-9941 | Hig | 0.46 | 7.0 | 0.00 | Jun 6, 2017 | In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | ||
| CVE-2016-10242 | Hig | 0.46 | 7.0 | 0.00 | May 16, 2017 | A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel. | ||
| CVE-2015-8997 | Hig | 0.46 | 7.0 | 0.00 | May 16, 2017 | In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. | ||
| CVE-2015-8996 | Hig | 0.46 | 7.0 | 0.00 | May 16, 2017 | In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | ||
| CVE-2014-9936 | Hig | 0.46 | 7.0 | 0.01 | May 16, 2017 | In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. | ||
| CVE-2017-8244 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2017 | In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow… | ||
| CVE-2017-0343 | Hig | 0.46 | 7.0 | 0.00 | May 9, 2017 | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges. | ||
| CVE-2017-8342 | Hig | 0.46 | 8.1 | 0.02 | Apr 30, 2017 | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | ||
| CVE-2017-0462 | Hig | 0.46 | 7.0 | 0.01 | Apr 7, 2017 | An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.… | ||
| CVE-2017-6874 | Hig | 0.46 | 7.0 | 0.00 | Mar 14, 2017 | Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes… | ||
| CVE-2017-2636 | Hig | 0.46 | 7.0 | 0.01 | Mar 7, 2017 | Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | ||
| CVE-2017-6408 | Hig | 0.46 | 7.0 | 0.00 | Mar 2, 2017 | An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. | ||
| CVE-2017-6346 | Hig | 0.46 | 7.0 | 0.00 | Mar 1, 2017 | Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | ||
| CVE-2017-6001 | Hig | 0.46 | 7.0 | 0.02 | Feb 18, 2017 | Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists… |
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.
- risk 0.46cvss 7.0epss 0.00
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
- risk 0.46cvss 8.1epss 0.02
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
- risk 0.46cvss 7.0epss 0.00
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
- risk 0.46cvss 7.0epss 0.00
In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
- risk 0.46cvss 7.0epss 0.00
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
- risk 0.46cvss 7.0epss 0.00
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
- risk 0.46cvss 7.0epss 0.00
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.
- risk 0.46cvss 7.0epss 0.01
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.
- risk 0.46cvss 7.0epss 0.00
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow…
- risk 0.46cvss 7.0epss 0.00
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.
- risk 0.46cvss 8.1epss 0.02
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
- risk 0.46cvss 7.0epss 0.01
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…
- risk 0.46cvss 7.0epss 0.00
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes…
- risk 0.46cvss 7.0epss 0.01
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
- risk 0.46cvss 7.0epss 0.00
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
- risk 0.46cvss 7.0epss 0.00
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
- risk 0.46cvss 7.0epss 0.02
Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists…