CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ClassDraftLikelihood: Medium
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (767)
page 8 of 39| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-6516 | Hig | 0.48 | 7.4 | 0.01 | Aug 6, 2016 | Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability. | |
| CVE-2016-2069 | Hig | 0.48 | 7.4 | 0.00 | Apr 27, 2016 | Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. | |
| CVE-2013-1292 | Hig | 0.48 | 7.4 | 0.00 | Apr 9, 2013 | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability." | |
| CVE-2013-1278 | Hig | 0.48 | 7.4 | 0.00 | Feb 13, 2013 | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279. | |
| CVE-2026-34856 | Hig | 0.47 | 7.3 | 0.00 | Apr 13, 2026 | UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2026-23161 | Hig | 0.47 | 7.3 | 0.00 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix race of truncate and swap entry split The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the entry order before that using xa_get_order without lock protection, and it may get an outdated order value if the entry is split or changed in other ways after the xa_get_order and before the xa_cmpxchg_irq. And besides, the order could grow and be larger than expected, and cause truncation to erase data beyond the end border. For example, if the target entry and following entries are swapped in or freed, then a large folio was added in place and swapped out, using the same entry, the xa_cmpxchg_irq will still succeed, it's very unlikely to happen though. To fix that, open code the Xarray cmpxchg and put the order retrieval and value checking in the same critical section. Also, ensure the order won't exceed the end border, skip it if the entry goes across the border. Skipping large swap entries crosses the end border is safe here. Shmem truncate iterates the range twice, in the first iteration, find_lock_entries already filtered such entries, and shmem will swapin the entries that cross the end border and partially truncate the folio (split the folio or at least zero part of it). So in the second loop here, if we see a swap entry that crosses the end order, it must at least have its content erased already. I observed random swapoff hangs and kernel panics when stress testing ZSWAP with shmem. After applying this patch, all problems are gone. | |
| CVE-2025-20104 | Hig | 0.47 | 7.3 | 0.00 | May 13, 2025 | Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2024-36262 | Hig | 0.47 | 7.2 | 0.00 | Feb 12, 2025 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |
| CVE-2017-11823 | Med | 0.47 | 6.7 | 0.03 | Oct 13, 2017 | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | |
| CVE-2014-0196 | Med | 0.47 | 5.5 | 0.39 | KEV | May 7, 2014 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. |
| CVE-2026-45675 | Hig | 0.46 | 8.1 | 0.00 | May 15, 2026 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, he LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler (signup_handler in auths.py, line 663) was explicitly patched to prevent this race with the comment "Insert with default role first to avoid TOCTOU race", but the LDAP and OAuth code paths were never updated with the same fix. This vulnerability is fixed in 0.9.0. | |
| CVE-2026-34345 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34342 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34331 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33839 | Hig | 0.46 | 7.0 | 0.00 | May 12, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-3006 | Hig | 0.46 | 7.0 | 0.00 | Apr 27, 2026 | Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software. | |
| CVE-2026-33104 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-32219 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-32150 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-32093 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. |