VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ClassDraftLikelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 29 of 55
  • CVE-2017-18302MedSep 20, 2018
    risk 0.31cvss 4.7epss 0.00

    In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory…

  • CVE-2018-15499MedAug 24, 2018
    risk 0.31cvss 4.7epss 0.00

    GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long…

  • CVE-2018-14329MedJul 17, 2018
    risk 0.31cvss 4.7epss 0.00

    In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

  • CVE-2018-4092MedApr 3, 2018
    risk 0.31cvss 4.7epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended…

  • CVE-2017-9691MedMar 30, 2018
    risk 0.31cvss 4.7epss 0.00

    There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver.

  • CVE-2017-8148MedNov 22, 2017
    risk 0.31cvss 4.7epss 0.00

    Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the…

  • CVE-2017-9676MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.

  • CVE-2017-8281MedSep 21, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.

  • CVE-2015-7553MedSep 14, 2017
    risk 0.31cvss 4.7epss 0.00

    Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.

  • CVE-2017-9682MedAug 18, 2017
    risk 0.31cvss 4.7epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.

  • CVE-2016-4984MedJul 17, 2017
    risk 0.31cvss 4.7epss 0.00

    /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.

  • CVE-2016-4982MedJul 17, 2017
    risk 0.31cvss 4.7epss 0.00

    authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.

  • CVE-2016-10027MedJan 12, 2017
    risk 0.31cvss 5.9epss 0.02

    Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a…

  • CVE-2016-6136MedAug 6, 2016
    risk 0.31cvss 4.7epss 0.00

    Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

  • CVE-2016-3258MedJul 13, 2016
    risk 0.31cvss 4.7epss 0.01

    Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka…

  • CVE-2016-6130MedJul 3, 2016
    risk 0.31cvss 4.7epss 0.00

    Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

  • CVE-2015-7990MedDec 28, 2015
    risk 0.31cvss 5.8epss 0.00

    Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. …

  • CVE-2014-8086MedOct 13, 2014
    risk 0.31cvss 4.7epss 0.00

    Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.

  • CVE-2010-5175MedAug 25, 2012
    risk 0.31cvss 4.8epss 0.00

    Race condition in PrivateFirewall 7.0.20.37 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes…

  • CVE-2009-4895MedSep 8, 2010
    risk 0.31cvss 4.7epss 0.00

    Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the…