CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2900 vulnerabilities reference this CWE, most recent first.
GHSA-85P4-J66F-MVWQ
Vulnerability from github – Published: 2023-04-06 18:30 – Updated: 2023-04-12 21:30In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.
{
"affected": [],
"aliases": [
"CVE-2023-20687"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.",
"id": "GHSA-85p4-j66f-mvwq",
"modified": "2023-04-12T21:30:20Z",
"published": "2023-04-06T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20687"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/April-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-85P7-8497-7788
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Clip Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50384"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:01Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Clip Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-85p7-8497-7788",
"modified": "2026-07-14T18:32:05Z",
"published": "2026-07-14T18:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50384"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-85XR-J783-4JM2
Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
{
"affected": [],
"aliases": [
"CVE-2018-18808"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-07T22:29:00Z",
"severity": "HIGH"
},
"details": "The domain management component of TIBCO Software Inc.\u0027s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.\u0027s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.",
"id": "GHSA-85xr-j783-4jm2",
"modified": "2022-05-13T01:33:42Z",
"published": "2022-05-13T01:33:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18808"
},
{
"type": "WEB",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-server-2018-18808"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107350"
},
{
"type": "WEB",
"url": "http://www.tibco.com/services/support/advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8647-755Q-FW9P
Vulnerability from github – Published: 2026-04-10 19:54 – Updated: 2026-04-24 21:09Impact
If the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication.
Patches
This is fixed in the version 0.112. Users should upgrade to this version as soon as possible.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.111"
},
"package": {
"ecosystem": "PyPI",
"name": "ajenti.plugin.core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.112"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40178"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-10T19:54:41Z",
"nvd_published_at": "2026-04-10T20:16:23Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nIf the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication.\n\n### Patches\n\nThis is fixed in the version 0.112. Users should upgrade to this version as soon as possible.",
"id": "GHSA-8647-755q-fw9p",
"modified": "2026-04-24T21:09:51Z",
"published": "2026-04-10T19:54:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ajenti/ajenti/security/advisories/GHSA-8647-755q-fw9p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40178"
},
{
"type": "PACKAGE",
"url": "https://github.com/ajenti/ajenti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "ajenti.plugin.core has race conditions in 2FA"
}
GHSA-868Q-J7QX-M3GF
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Windows Remote Desktop Services Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49108"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:36Z",
"severity": "HIGH"
},
"details": "Windows Remote Desktop Services Remote Code Execution Vulnerability",
"id": "GHSA-868q-j7qx-m3gf",
"modified": "2024-12-12T03:33:05Z",
"published": "2024-12-12T03:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49108"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8693-G75H-9WVM
Vulnerability from github – Published: 2022-05-17 05:48 – Updated: 2022-05-17 05:48mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
{
"affected": [],
"aliases": [
"CVE-2010-2961"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-09-14T19:00:00Z",
"severity": "MODERATE"
},
"details": "mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.",
"id": "GHSA-8693-g75h-9wvm",
"modified": "2022-05-17T05:48:26Z",
"published": "2022-05-17T05:48:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2961"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/41351"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/67914"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-985-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2342"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-86PG-J5JW-F37R
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2023-03-03 15:30A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.
{
"affected": [],
"aliases": [
"CVE-2020-3350"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-18T03:15:00Z",
"severity": "LOW"
},
"details": "A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.",
"id": "GHSA-86pg-j5jw-f37r",
"modified": "2023-03-03T15:30:18Z",
"published": "2022-05-24T17:20:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3350"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-23"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4435-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4435-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-86X5-95QC-WMGH
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-06-03 00:00A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
{
"affected": [],
"aliases": [
"CVE-2020-3894"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-01T18:15:00Z",
"severity": "LOW"
},
"details": "A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.",
"id": "GHSA-86x5-95qc-wmgh",
"modified": "2022-06-03T00:00:39Z",
"published": "2022-05-24T17:13:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3894"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211101"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211102"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211104"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211105"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211106"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211107"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4681"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157378/WebKit-AudioArray-allocate-Data-Race-Out-Of-Bounds-Access.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/04/27/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-875M-Q5C9-G9V7
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:50A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.
{
"affected": [],
"aliases": [
"CVE-2019-14694"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-28T20:15:00Z",
"severity": "MODERATE"
},
"details": "A use-after-free flaw in the sandbox container implemented in cmdguard.sys in Comodo Antivirus 12.0.0.6870 can be triggered due to a race condition when handling IRP_MJ_CLEANUP requests in the minifilter for directory change notifications. This allows an attacker to cause a denial of service (BSOD) when an executable is run inside the container.",
"id": "GHSA-875m-q5c9-g9v7",
"modified": "2024-04-04T01:50:13Z",
"published": "2022-05-24T16:55:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14694"
},
{
"type": "WEB",
"url": "https://github.com/SouhailHammou/Exploits/blob/master/CVE-2019-14694%20-%20Comodo%20AV%20Sandbox%20Race%20Condition%20UAF/comodo_av_uaf_poc.c"
},
{
"type": "WEB",
"url": "http://rce4fun.blogspot.com/2019/08/comodo-antivirus-sandbox-race-condition.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8799-VGXH-GH75
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
NFSD: fix race between nfsd registration and exports_proc
As of now nfsd calls create_proc_exports_entry() at start of init_nfsd and cleanup by remove_proc_entry() at last of exit_nfsd.
Which causes kernel OOPs if there is race between below 2 operations: (i) exportfs -r (ii) mount -t nfsd none /proc/fs/nfsd
for 5.4 kernel ARM64:
CPU 1: el1_irq+0xbc/0x180 arch_counter_get_cntvct+0x14/0x18 running_clock+0xc/0x18 preempt_count_add+0x88/0x110 prep_new_page+0xb0/0x220 get_page_from_freelist+0x2d8/0x1778 __alloc_pages_nodemask+0x15c/0xef0 __vmalloc_node_range+0x28c/0x478 __vmalloc_node_flags_caller+0x8c/0xb0 kvmalloc_node+0x88/0xe0 nfsd_init_net+0x6c/0x108 [nfsd] ops_init+0x44/0x170 register_pernet_operations+0x114/0x270 register_pernet_subsys+0x34/0x50 init_nfsd+0xa8/0x718 [nfsd] do_one_initcall+0x54/0x2e0
CPU 2 : Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
PC is at : exports_net_open+0x50/0x68 [nfsd]
Call trace: exports_net_open+0x50/0x68 [nfsd] exports_proc_open+0x2c/0x38 [nfsd] proc_reg_open+0xb8/0x198 do_dentry_open+0x1c4/0x418 vfs_open+0x38/0x48 path_openat+0x28c/0xf18 do_filp_open+0x70/0xe8 do_sys_open+0x154/0x248
Sometimes it crashes at exports_net_open() and sometimes cache_seq_next_rcu().
and same is happening on latest 6.14 kernel as well:
[ 0.000000] Linux version 6.14.0-rc5-next-20250304-dirty ... [ 285.455918] Unable to handle kernel paging request at virtual address 00001f4800001f48 ... [ 285.464902] pc : cache_seq_next_rcu+0x78/0xa4 ... [ 285.469695] Call trace: [ 285.470083] cache_seq_next_rcu+0x78/0xa4 (P) [ 285.470488] seq_read+0xe0/0x11c [ 285.470675] proc_reg_read+0x9c/0xf0 [ 285.470874] vfs_read+0xc4/0x2fc [ 285.471057] ksys_read+0x6c/0xf4 [ 285.471231] __arm64_sys_read+0x1c/0x28 [ 285.471428] invoke_syscall+0x44/0x100 [ 285.471633] el0_svc_common.constprop.0+0x40/0xe0 [ 285.471870] do_el0_svc_compat+0x1c/0x34 [ 285.472073] el0_svc_compat+0x2c/0x80 [ 285.472265] el0t_32_sync_handler+0x90/0x140 [ 285.472473] el0t_32_sync+0x19c/0x1a0 [ 285.472887] Code: f9400885 93407c23 937d7c27 11000421 (f86378a3) [ 285.473422] ---[ end trace 0000000000000000 ]---
It reproduced simply with below script: while [ 1 ] do /exportfs -r done &
while [ 1 ] do insmod /nfsd.ko mount -t nfsd none /proc/fs/nfsd umount /proc/fs/nfsd rmmod nfsd done &
So exporting interfaces to user space shall be done at last and cleanup at first place.
With change there is no Kernel OOPs.
{
"affected": [],
"aliases": [
"CVE-2025-38232"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T14:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: fix race between nfsd registration and exports_proc\n\nAs of now nfsd calls create_proc_exports_entry() at start of init_nfsd\nand cleanup by remove_proc_entry() at last of exit_nfsd.\n\nWhich causes kernel OOPs if there is race between below 2 operations:\n(i) exportfs -r\n(ii) mount -t nfsd none /proc/fs/nfsd\n\nfor 5.4 kernel ARM64:\n\nCPU 1:\nel1_irq+0xbc/0x180\narch_counter_get_cntvct+0x14/0x18\nrunning_clock+0xc/0x18\npreempt_count_add+0x88/0x110\nprep_new_page+0xb0/0x220\nget_page_from_freelist+0x2d8/0x1778\n__alloc_pages_nodemask+0x15c/0xef0\n__vmalloc_node_range+0x28c/0x478\n__vmalloc_node_flags_caller+0x8c/0xb0\nkvmalloc_node+0x88/0xe0\nnfsd_init_net+0x6c/0x108 [nfsd]\nops_init+0x44/0x170\nregister_pernet_operations+0x114/0x270\nregister_pernet_subsys+0x34/0x50\ninit_nfsd+0xa8/0x718 [nfsd]\ndo_one_initcall+0x54/0x2e0\n\nCPU 2 :\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n\nPC is at : exports_net_open+0x50/0x68 [nfsd]\n\nCall trace:\nexports_net_open+0x50/0x68 [nfsd]\nexports_proc_open+0x2c/0x38 [nfsd]\nproc_reg_open+0xb8/0x198\ndo_dentry_open+0x1c4/0x418\nvfs_open+0x38/0x48\npath_openat+0x28c/0xf18\ndo_filp_open+0x70/0xe8\ndo_sys_open+0x154/0x248\n\nSometimes it crashes at exports_net_open() and sometimes cache_seq_next_rcu().\n\nand same is happening on latest 6.14 kernel as well:\n\n[ 0.000000] Linux version 6.14.0-rc5-next-20250304-dirty\n...\n[ 285.455918] Unable to handle kernel paging request at virtual address 00001f4800001f48\n...\n[ 285.464902] pc : cache_seq_next_rcu+0x78/0xa4\n...\n[ 285.469695] Call trace:\n[ 285.470083] cache_seq_next_rcu+0x78/0xa4 (P)\n[ 285.470488] seq_read+0xe0/0x11c\n[ 285.470675] proc_reg_read+0x9c/0xf0\n[ 285.470874] vfs_read+0xc4/0x2fc\n[ 285.471057] ksys_read+0x6c/0xf4\n[ 285.471231] __arm64_sys_read+0x1c/0x28\n[ 285.471428] invoke_syscall+0x44/0x100\n[ 285.471633] el0_svc_common.constprop.0+0x40/0xe0\n[ 285.471870] do_el0_svc_compat+0x1c/0x34\n[ 285.472073] el0_svc_compat+0x2c/0x80\n[ 285.472265] el0t_32_sync_handler+0x90/0x140\n[ 285.472473] el0t_32_sync+0x19c/0x1a0\n[ 285.472887] Code: f9400885 93407c23 937d7c27 11000421 (f86378a3)\n[ 285.473422] ---[ end trace 0000000000000000 ]---\n\nIt reproduced simply with below script:\nwhile [ 1 ]\ndo\n/exportfs -r\ndone \u0026\n\nwhile [ 1 ]\ndo\ninsmod /nfsd.ko\nmount -t nfsd none /proc/fs/nfsd\numount /proc/fs/nfsd\nrmmod nfsd\ndone \u0026\n\nSo exporting interfaces to user space shall be done at last and\ncleanup at first place.\n\nWith change there is no Kernel OOPs.",
"id": "GHSA-8799-vgxh-gh75",
"modified": "2026-07-14T15:31:25Z",
"published": "2025-07-04T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38232"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2029ca75cdfa6a25716a5a76b751486cce7e3822"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/327011a2bb4f7de9c72b891a96ce8d902828bddf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/49b57b98fa601ae6cc7897bab4515129da8290f7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8120e420013d947c890f358f30a2d98ba8ac20bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/88d6785c173a7c4de05bef8c4fd8a9b42ead02d5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f7fb730cac9aafda8b9813b55d04e28a9664d17c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.