VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 20 of 55
  • CVE-2024-27823 · Med · Jul 29, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network…

  • CVE-2018-9069 · Med · Oct 2, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

  • CVE-2018-15473 · Med · Aug 17, 2018
    risk 0.38 · cvss 5.3 · epss 0.99

    OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

  • CVE-2018-10850 · Med · Jun 13, 2018
    risk 0.38 · cvss 5.9 · epss 0.02

    389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.

  • CVE-2018-11324 · Med · May 22, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.

  • CVE-2018-5826 · Med · Apr 3, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.

  • CVE-2017-11353 · Med · Jul 17, 2017
    risk 0.38 · cvss 5.9 · epss 0.01

    yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.

  • CVE-2017-8242 · Med · Jun 13, 2017
    risk 0.38 · cvss 5.9 · epss 0.00

    In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.

  • CVE-2015-8878 · Med · May 22, 2016
    risk 0.38 · cvss 5.9 · epss 0.01

    main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file…

  • CVE-2024-2193 · Med · Mar 15, 2024
    risk 0.37 · cvss 5.7 · epss 0.01

    A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race…

  • CVE-2016-0723 · Med · Feb 8, 2016
    risk 0.37 · cvss 6.8 · epss 0.00

    Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during…

  • CVE-2026-28996 · Med · May 11, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data.

  • CVE-2025-43292 · Med · Sep 15, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.

  • CVE-2025-52993 · Med · Jun 27, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1;…

  • CVE-2024-36285 · Med · Feb 12, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2024-12747 · Med · Jan 14, 2025
    risk 0.36 · cvss 5.6 · epss 0.00

    A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was…

  • CVE-2024-27876 · Med · Sep 17, 2024
    risk 0.36 · cvss 5.5 · epss 0.01

    A race condition was addressed with improved locking. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary…

  • CVE-2024-36894 · Med · May 30, 2024
    risk 0.36 · cvss 5.6 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario…

  • CVE-2024-35898 · Med · May 19, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within…

  • CVE-2024-26960 · Med · May 1, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was…