CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 33 of 55| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-53520 | Med | 0.24 | 4.7 | 0.00 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace: … | ||
| CVE-2024-41005 | Med | 0.24 | 4.7 | 0.00 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by… | ||
| CVE-2022-48366 | — | Low | 0.24 | 3.7 | 0.00 | Mar 12, 2023 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. | |
| CVE-2022-38170 | Med | 0.24 | 4.7 | 0.01 | Sep 2, 2022 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary… | ||
| CVE-2020-36203 | — | Med | 0.24 | 4.7 | 0.00 | Jan 26, 2021 | An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. | |
| CVE-2020-35928 | — | Med | 0.24 | 4.7 | 0.00 | Dec 31, 2020 | An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. | |
| CVE-2020-35905 | — | Med | 0.24 | 4.7 | 0.00 | Dec 31, 2020 | An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). | |
| CVE-2019-16354 | — | Med | 0.24 | 4.7 | 0.00 | Sep 16, 2019 | The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | |
| CVE-2015-4170 | Med | 0.24 | 4.7 | 0.00 | May 2, 2016 | Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a… | ||
| CVE-2014-3611 | Med | 0.24 | 4.7 | 0.00 | Nov 10, 2014 | Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. | ||
| CVE-2026-0995 | Low | 0.23 | 3.6 | 0.00 | Mar 2, 2026 | An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. | ||
| CVE-2025-30235 | Low | 0.23 | 3.5 | 0.00 | Mar 19, 2025 | Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled. | ||
| CVE-2016-15036 | Med | 0.23 | 4.6 | 0.00 | Dec 23, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told… | ||
| CVE-2016-10538 | Low | 0.23 | 3.5 | 0.01 | May 31, 2018 | The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. | ||
| CVE-2026-44059 | Med | 0.22 | 4.5 | 0.00 | May 21, 2026 | A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption. | ||
| CVE-2016-1000236 | — | Med | 0.22 | 4.4 | 0.01 | Nov 19, 2019 | Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | |
| CVE-2025-59577 | Med | 0.21 | 4.3 | 0.00 | Sep 22, 2025 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through <= 3.6.20. | ||
| CVE-2026-9959 | Low | 0.20 | 3.1 | 0.00 | May 28, 2026 | Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2026-8741 | Low | 0.20 | 3.1 | 0.00 | May 17, 2026 | A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high… | ||
| CVE-2026-7954 | Low | 0.20 | 3.1 | 0.00 | May 6, 2026 | Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
- risk 0.24cvss 4.7epss 0.00
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it can cause the program to crash. Here's the call trace: …
- risk 0.24cvss 4.7epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by…
- risk 0.24cvss 3.7epss 0.00
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
- risk 0.24cvss 4.7epss 0.01
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary…
- risk 0.24cvss 4.7epss 0.00
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
- risk 0.24cvss 4.7epss 0.00
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.
- risk 0.24cvss 4.7epss 0.00
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).
- risk 0.24cvss 4.7epss 0.00
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
- risk 0.24cvss 4.7epss 0.00
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a…
- risk 0.24cvss 4.7epss 0.00
Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
- risk 0.23cvss 3.6epss 0.00
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
- risk 0.23cvss 3.5epss 0.00
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.
- risk 0.23cvss 4.6epss 0.00
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told…
- risk 0.23cvss 3.5epss 0.01
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
- risk 0.22cvss 4.5epss 0.00
A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption.
- risk 0.22cvss 4.4epss 0.01
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
- risk 0.21cvss 4.3epss 0.00
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Leveraging Race Conditions.This issue affects MasterStudy LMS: from n/a through <= 3.6.20.
- risk 0.20cvss 3.1epss 0.00
Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- risk 0.20cvss 3.1epss 0.00
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high…
- risk 0.20cvss 3.1epss 0.00
Race in Shared Storage in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)