VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 25 of 55
  • CVE-2024-26861MedApr 17, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()…

  • CVE-2024-26859MedApr 17, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a…

  • CVE-2024-23275MedMar 8, 2024
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access protected user data.

  • CVE-2024-23239MedMar 8, 2024
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to leak sensitive user information.

  • CVE-2024-23235MedMar 8, 2024
    risk 0.31cvss 4.7epss 0.01

    A race condition was addressed with additional validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to access user-sensitive data.

  • CVE-2020-29372MedNov 28, 2020
    risk 0.31cvss 4.7epss 0.00

    An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.

  • CVE-2017-18302MedSep 20, 2018
    risk 0.31cvss 4.7epss 0.00

    In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory…

  • CVE-2018-15499MedAug 24, 2018
    risk 0.31cvss 4.7epss 0.00

    GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long…

  • CVE-2018-14329MedJul 17, 2018
    risk 0.31cvss 4.7epss 0.00

    In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

  • CVE-2018-4092MedApr 3, 2018
    risk 0.31cvss 4.7epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended…

  • CVE-2017-9691MedMar 30, 2018
    risk 0.31cvss 4.7epss 0.00

    There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.

  • CVE-2017-8148MedNov 22, 2017
    risk 0.31cvss 4.7epss 0.00

    Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the…

  • CVE-2017-9676MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

  • CVE-2017-8281MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.

  • CVE-2015-7553MedSep 14, 2017
    risk 0.31cvss 4.7epss 0.00

    Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.

  • CVE-2017-9682MedAug 18, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.

  • CVE-2016-4984MedJul 17, 2017
    risk 0.31cvss 4.7epss 0.00

    /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.

  • CVE-2016-4982MedJul 17, 2017
    risk 0.31cvss 4.7epss 0.00

    authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.

  • CVE-2016-10027MedJan 12, 2017
    risk 0.31cvss 5.9epss 0.02

    Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a…

  • CVE-2016-6136MedAug 6, 2016
    risk 0.31cvss 4.7epss 0.00

    Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.