CWE-413
Improper Resource Locking
Abstraction: Base, Status: Draft
Description
The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.
When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the product. This might violate the product's assumption that the resource will not change, potentially leading to unexpected behaviors.
CVEs mapped to this weakness (4)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3450 | Critical | 0.65 | 10.0 | 0.00 | | Oct 7, 2025 | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions. |
| CVE-2025-0003 | High | 0.47 | 7.3 | 0.00 | | Nov 24, 2025 | Inadequate lock protection within Xilinx Run time may allow a local attacker to trigger a Use-After-Free condition potentially resulting in loss of confidentiality or availability |
| CVE-2022-49737 | High | 0.43 | 7.7 | 0.00 | | Mar 16, 2025 | In X.Org X server 20.11 through 21.1.16, when a client application uses easystroke for mouse gestures, the main thread modifies various data structures used by the input thread without acquiring a lock, aka a race condition. In particular, AttachDevice in dix/devices.c does not acquire an input lock. |
| CVE-2023-32253 | Medium | 0.38 | 5.9 | 0.00 | | Aug 2, 2025 | A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service. |