CWE-421
Race Condition During Access to Alternate Channel
BaseDraft
Description
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
This creates a race condition that allows an attacker to access the channel before the authorized user does.
Hierarchy (View 1000)
CVEs mapped to this weakness (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43687 | Med | 0.42 | 6.5 | 0.00 | Aug 14, 2025 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution. | |
| CVE-2023-32256 | Hig | 0.42 | 7.5 | 0.00 | Aug 1, 2025 | A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue. | |
| CVE-2023-40536 | Med | 0.28 | 4.3 | 0.00 | May 16, 2024 | Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |