VYPR

CWE-667

Improper Locking

ClassDraft

Description

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-25 · CAPEC-26 · CAPEC-27

CVEs mapped to this weakness (147)

page 2 of 8
  • CVE-2026-46031HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851_irq() AND a TX packet has been sent, then the driver enables TX queue via netif_wake_queue() which schedules TX softirq…

  • CVE-2026-24182MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-43296HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on…

  • CVE-2026-43253HigMay 6, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with…

  • CVE-2026-43029HigMay 1, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup in mptcp_recvmsg() [0]. When receiving data with MSG_PEEK | MSG_WAITALL flags, the skb is not removed from the sk_receive_queue. This…

  • CVE-2026-31598HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dio_end_io_write ocfs2_unlink takes orphan dir inode_lock first and then ip_alloc_sem, while in ocfs2_dio_end_io_write, it acquires these locks in reverse order.…

  • CVE-2026-31467HigApr 22, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for…

  • CVE-2026-23419HigApr 3, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: …

  • CVE-2026-31486HigApr 22, 2026
    risk 0.39cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(), pmbus_regulator_set_voltage(), and pmbus_regulator_list_voltage() access PMBus registers and…

  • CVE-2008-4302MedSep 29, 2008
    risk 0.39cvss 5.5epss 0.01

    fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and…

  • CVE-2006-2374MedJun 13, 2006
    risk 0.39cvss 5.5epss 0.02

    The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device,…

  • CVE-2000-1198MedAug 31, 2001
    risk 0.39cvss 5.5epss 0.00

    qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.

  • CVE-2000-0338MedApr 23, 2000
    risk 0.39cvss 5.5epss 0.01

    Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

  • CVE-2025-1221MedJul 30, 2025
    risk 0.38cvss epss 0.00

    A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack, Only hard reset will bring the device to normal operation

  • CVE-2025-20047MedMay 13, 2025
    risk 0.37cvss 5.7epss 0.00

    Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

  • CVE-2025-68823MedJan 13, 2026
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ublk: fix deadlock when reading partition table When one process(such as udev) opens ublk block device (e.g., to read the partition table via bdev_open()), a deadlock[1] can occur: 1. bdev_open() grabs…

  • CVE-2025-39843MedSep 19, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when…

  • CVE-2025-39782MedSep 11, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of buffers to avoid long…

  • CVE-2025-39773MedSep 11, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If the time is smaller than…

  • CVE-2025-39736MedSep 11, 2025
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadlock due to lock inversion…