VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

page 5 of 55
  • CVE-2025-30513 · High · Feb 10, 2026
    risk 0.51 · cvss 7.9 · epss 0.00

    Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when…

  • CVE-2026-23004 · High · Jan 25, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in…

  • CVE-2025-43364 · High · Nov 4, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26.1. An app may be able to break out of its sandbox.

  • CVE-2025-31188 · High · Mar 31, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to bypass Privacy preferences.

  • CVE-2024-47892 · High · Dec 13, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

  • CVE-2024-46971 · High · Dec 13, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

  • CVE-2024-43701 · High · Oct 14, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU.

  • CVE-2024-23599 · High · Sep 16, 2024
    risk 0.51 · cvss 7.9 · epss 0.00

    Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2024-29863 · High · Apr 5, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A race condition in the installer executable in Qlik Qlikview before versions May 2022 SR3 (12.70.20300) and May 2023 SR2 (12,80.20200) may allow an existing lower privileged user to cause code to be executed in the context of a Windows Administrator.

  • CVE-2016-9038 · High · Apr 24, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to…

  • CVE-2017-14880 · High · Apr 3, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule"…

  • CVE-2017-15826 · High · Mar 30, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures.

  • CVE-2017-16512 · High · Mar 29, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 through 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.

  • CVE-2017-14798 · High · Mar 1, 2018
    risk 0.51 · cvss 7.3 · epss 0.01

    A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.

  • CVE-2017-15357 · High · Dec 1, 2017
    risk 0.51 · cvss 7.4 · epss 0.01

    The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.

  • CVE-2017-15588 · High · Oct 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.

  • CVE-2017-9677 · High · Sep 21, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another…

  • CVE-2017-0794 · High · Sep 8, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

  • CVE-2017-12136 · High · Aug 24, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

  • CVE-2017-8257 · High · Aug 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.