VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 27 of 55
  • CVE-2025-43420MedNov 4, 2025
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.

  • CVE-2025-39825MedSep 16, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete…

  • CVE-2025-39813MedSep 16, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race…

  • CVE-2025-39697MedSep 5, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from…

  • CVE-2025-39673MedSep 5, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not…

  • CVE-2025-38687MedSep 4, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi gladly removing the allocated async area even though poll requests are still…

  • CVE-2025-38681MedSep 4, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page table regions as required. The ptdump code can race with concurrent modifications…

  • CVE-2025-38477MedJul 28, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example,…

  • CVE-2025-38393MedJul 25, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(),…

  • CVE-2025-38083MedJun 20, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU…

  • CVE-2025-40569MedJun 10, 2025
    risk 0.31cvss 4.8epss 0.00

    A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2),…

  • CVE-2025-24240MedMar 31, 2025
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.

  • CVE-2025-21701MedFeb 13, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic…

  • CVE-2025-24094MedJan 27, 2025
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access user-sensitive data.

  • CVE-2024-57913MedJan 19, 2025
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in…

  • CVE-2024-53124MedDec 2, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules…

  • CVE-2024-47660MedOct 9, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time.…

  • CVE-2024-46870MedOct 9, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - which works…

  • CVE-2024-38596MedJun 19, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to…

  • CVE-2024-27419MedMay 17, 2024
    risk 0.31cvss 4.7epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.