CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
page 5 of 55| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30513 | — | Hig | 0.51 | 7.9 | 0.00 | Feb 10, 2026 | Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when… | |
| CVE-2026-23004 | Hig | 0.51 | 7.8 | 0.00 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in… | ||
| CVE-2025-43364 | Hig | 0.51 | 7.8 | 0.00 | Nov 4, 2025 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||
| CVE-2025-31188 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2025 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to bypass Privacy preferences. | ||
| CVE-2024-47892 | — | Hig | 0.51 | 7.8 | 0.00 | Dec 13, 2024 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | |
| CVE-2024-46971 | — | Hig | 0.51 | 7.8 | 0.00 | Dec 13, 2024 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | |
| CVE-2024-43701 | — | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2024 | Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | |
| CVE-2024-23599 | — | Hig | 0.51 | 7.9 | 0.00 | Sep 16, 2024 | Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access. | |
| CVE-2024-29863 | Hig | 0.51 | 7.8 | 0.00 | Apr 5, 2024 | A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator. | ||
| CVE-2016-9038 | Hig | 0.51 | 7.8 | 0.00 | Apr 24, 2018 | An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to… | ||
| CVE-2017-14880 | Hig | 0.51 | 7.8 | 0.00 | Apr 3, 2018 | In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule"… | ||
| CVE-2017-15826 | Hig | 0.51 | 7.8 | 0.00 | Mar 30, 2018 | Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. | ||
| CVE-2017-16512 | Hig | 0.51 | 7.8 | 0.00 | Mar 29, 2018 | The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available. | ||
| CVE-2017-14798 | Hig | 0.51 | 7.3 | 0.01 | Mar 1, 2018 | A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root. | ||
| CVE-2017-15357 | Hig | 0.51 | 7.4 | 0.01 | Dec 1, 2017 | The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | ||
| CVE-2017-15588 | Hig | 0.51 | 7.8 | 0.00 | Oct 18, 2017 | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. | ||
| CVE-2017-9677 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another… | ||
| CVE-2017-0794 | Hig | 0.51 | 7.8 | 0.00 | Sep 8, 2017 | A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | ||
| CVE-2017-12136 | Hig | 0.51 | 7.8 | 0.00 | Aug 24, 2017 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | ||
| CVE-2017-8257 | Hig | 0.51 | 7.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. |
- risk 0.51cvss 7.9epss 0.00
Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when…
- risk 0.51cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in…
- risk 0.51cvss 7.8epss 0.00
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26.1. An app may be able to break out of its sandbox.
- risk 0.51cvss 7.8epss 0.00
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to bypass Privacy preferences.
- risk 0.51cvss 7.8epss 0.00
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- risk 0.51cvss 7.8epss 0.00
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- risk 0.51cvss 7.8epss 0.00
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.
- risk 0.51cvss 7.9epss 0.00
Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.
- risk 0.51cvss 7.8epss 0.00
A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.
- risk 0.51cvss 7.8epss 0.00
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to…
- risk 0.51cvss 7.8epss 0.00
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule"…
- risk 0.51cvss 7.8epss 0.00
Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.
- risk 0.51cvss 7.8epss 0.00
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
- risk 0.51cvss 7.3epss 0.01
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
- risk 0.51cvss 7.4epss 0.01
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another…
- risk 0.51cvss 7.8epss 0.00
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
- risk 0.51cvss 7.8epss 0.00
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.