Sign in Get started

CWE-667

Improper Locking

ClassDraft

Description

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Hierarchy (View 1000)

Parents

CWE-662

Children

Related attack patterns (CAPEC)

CAPEC-25 · CAPEC-26 · CAPEC-27

CVEs mapped to this weakness (104)

page 6 of 6

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-20044	Med	0.27	4.1	0.00		Aug 12, 2025	Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-50044	Low	0.21	3.3	0.00		Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------------ syz-executor386/5093 is trying to acquire lock: ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1671 [inline] ffff88807c396258 (sk_lock-AF_BLUETOOTH-BTPROTO_RFCOMM){+.+.}-{0:0}, at: rfcomm_sk_state_change+0x5b/0x310 net/bluetooth/rfcomm/sock.c:73 but task is already holding lock: ffff88807badfd28 (&d->lock){+.+.}-{3:3}, at: __rfcomm_dlc_close+0x226/0x6a0 net/bluetooth/rfcomm/core.c:491
CVE-2002-1869	Low	0.21	3.3	0.00		Dec 31, 2002	Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does not check whether the log file can be written to, which allows attackers to prevent events from being recorded by opening the log file using an application such as Microsoft's Event Viewer.
CVE-2026-22735	Low	0.17	2.6	0.00		Mar 20, 2026	Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.