CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2900 vulnerabilities reference this CWE, most recent first.
GHSA-8M7C-HF24-5G47
Vulnerability from github – Published: 2026-06-05 16:20 – Updated: 2026-06-05 16:20Summary
Two concurrent token-exchange requests using the same OAuth authorization code could
each mint a distinct valid (access_token, refresh_token) pair, breaking the
single-use guarantee that PKCE relies on.
Details
The token-exchange flow read is_used and called markAsUsed as an unconditional
update at the end of the path. A new OAuthAuthorizationCode.claimByCode method now
performs an atomic compare-and-swap (WHERE code = ? AND is_used = false) and is
called immediately before OAuthToken.insert, after redirect-URI, PKCE, and client
authentication have all succeeded. Only the first concurrent caller's UPDATE wins;
the rest see invalid_grant: Authorization code has already been used.
Impact
An attacker who has observed an authorization code and the corresponding PKCE verifier (for example through a malicious OAuth-aware client or by racing a real exchange) could obtain a long-lived refresh token in addition to the legitimate one.
Credit
This issue was reported by @eddieran.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2026.05.0"
},
"package": {
"ecosystem": "npm",
"name": "nocodb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.05.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47386"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-05T16:20:32Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nTwo concurrent token-exchange requests using the same OAuth authorization code could\neach mint a distinct valid `(access_token, refresh_token)` pair, breaking the\nsingle-use guarantee that PKCE relies on.\n\n### Details\nThe token-exchange flow read `is_used` and called `markAsUsed` as an unconditional\nupdate at the end of the path. A new `OAuthAuthorizationCode.claimByCode` method now\nperforms an atomic compare-and-swap (`WHERE code = ? AND is_used = false`) and is\ncalled immediately before `OAuthToken.insert`, after redirect-URI, PKCE, and client\nauthentication have all succeeded. Only the first concurrent caller\u0027s `UPDATE` wins;\nthe rest see `invalid_grant: Authorization code has already been used`.\n\n### Impact\nAn attacker who has observed an authorization code and the corresponding PKCE\nverifier (for example through a malicious OAuth-aware client or by racing a real\nexchange) could obtain a long-lived refresh token in addition to the legitimate one.\n\n### Credit\nThis issue was reported by [@eddieran](https://github.com/eddieran).",
"id": "GHSA-8m7c-hf24-5g47",
"modified": "2026-06-05T16:20:32Z",
"published": "2026-06-05T16:20:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-8m7c-hf24-5g47"
},
{
"type": "PACKAGE",
"url": "https://github.com/nocodb/nocodb"
},
{
"type": "WEB",
"url": "https://github.com/nocodb/nocodb/releases/tag/2026.05.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NocoDB: OAuth Authorization Code Race Condition"
}
GHSA-8MPQ-FMR3-6JXV
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2023-09-29 15:43LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.
Specific Go Packages Affected
github.com/lxc/lxd/shared
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/lxc/lxd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20151004155856-19c6961cc101"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2015-1340"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-07T22:39:10Z",
"nvd_published_at": "2019-04-22T16:29:00Z",
"severity": "HIGH"
},
"details": "LXD before version 0.19-0ubuntu5 `doUidshiftIntoContainer()` has an unsafe `Chmod()` call that races against the stat in the `Filepath.Walk()` function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker\u0027s choice.\n\n### Specific Go Packages Affected\ngithub.com/lxc/lxd/shared",
"id": "GHSA-8mpq-fmr3-6jxv",
"modified": "2023-09-29T15:43:23Z",
"published": "2022-05-24T16:44:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1340"
},
{
"type": "WEB",
"url": "https://github.com/lxc/lxd/pull/1189"
},
{
"type": "WEB",
"url": "https://github.com/lxc/lxd/commit/19c6961cc1012c8a529f20807328a9357f5034f4"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1502270"
},
{
"type": "PACKAGE",
"url": "https://github.com/lxc/lxd"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0071"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "LXD vulnerable to Race Condition"
}
GHSA-8MQM-PQ95-4FC3
Vulnerability from github – Published: 2022-05-14 01:09 – Updated: 2022-05-14 01:09/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.
{
"affected": [],
"aliases": [
"CVE-2016-4984"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-17T13:18:00Z",
"severity": "MODERATE"
},
"details": "/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.",
"id": "GHSA-8mqm-pq95-4fc3",
"modified": "2022-05-14T01:09:00Z",
"published": "2022-05-14T01:09:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4984"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1346120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8P2Q-8RC4-VFP4
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
{
"affected": [],
"aliases": [
"CVE-2021-20261"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.",
"id": "GHSA-8p2q-8rc4-vfp4",
"modified": "2022-05-24T17:44:16Z",
"published": "2022-05-24T17:44:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20261"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932150"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8P36-M3PV-8WV3
Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2021-12-21 00:01In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A
{
"affected": [],
"aliases": [
"CVE-2021-39642"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A",
"id": "GHSA-8p36-m3pv-8wv3",
"modified": "2021-12-21T00:01:02Z",
"published": "2021-12-16T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39642"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8P5Q-PXRP-9P6G
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-49690"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:54Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.",
"id": "GHSA-8p5q-pxrp-9p6g",
"modified": "2025-07-08T18:31:47Z",
"published": "2025-07-08T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49690"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49690"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8P6H-M3RP-3M5J
Vulnerability from github – Published: 2023-05-09 18:30 – Updated: 2024-04-04 03:56Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-24903"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-09T18:15:12Z",
"severity": "HIGH"
},
"details": "Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability",
"id": "GHSA-8p6h-m3rp-3m5j",
"modified": "2024-04-04T03:56:15Z",
"published": "2023-05-09T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24903"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8P93-RMGX-3XQ4
Vulnerability from github – Published: 2022-05-17 02:33 – Updated: 2022-05-17 02:33A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
{
"affected": [],
"aliases": [
"CVE-2016-10242"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-16T14:29:00Z",
"severity": "HIGH"
},
"details": "A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.",
"id": "GHSA-8p93-rmgx-3xq4",
"modified": "2022-05-17T02:33:13Z",
"published": "2022-05-17T02:33:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10242"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98555"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8PC2-4QG2-6M45
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-12-17 18:31In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: Fix race of buffer access at PCM OSS layer
The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops.
For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation.
{
"affected": [],
"aliases": [
"CVE-2025-38078"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime-\u003edma_area. But this may\nlead to a UAF because the accessed runtime-\u003edma_area might be freed\nconcurrently, as it\u0027s performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won\u0027t be changed during the\noperation.",
"id": "GHSA-8pc2-4qg2-6m45",
"modified": "2025-12-17T18:31:31Z",
"published": "2025-06-18T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38078"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/10217da9644ae75cea7330f902c35fc5ba78bbbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74d90875f3d43f3eff0e9861c4701418795d3455"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8170d8ec4efd0be352c14cb61f374e30fb0c2a25"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/93a81ca0657758b607c3f4ba889ae806be9beb73"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afa56c960fcb4db37f2e3399f28e9402e4e1f470"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf85e49aaf3a3c5775ea87369ea5f159c2148db4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0e05a76fc727929524ef24a19c302e6dd40233f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f3e14d706ec18faf19f5a6e75060e140fea05d4a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8PF3-6FGR-3G3G
Vulnerability from github – Published: 2023-04-18 22:29 – Updated: 2023-04-18 22:29Impact
chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React() may be incorrect. In an application, this means that any data derived from chainId could be incorrect.
For example, if a swapping application derives a wrapped token contract address from the chainId and a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This is a common approach when using other foundational libraries like ethers, and most users of v8 will want to upgrade past the affected versions.
Patches
Patched in https://github.com/Uniswap/web3-react/pull/749. Users of web3-react@8.0.x-beta.0 should upgrade to at least: - @web3-react/coinbase-wallet@^8.0.35-beta.0 - @web3-react/eip1193@^8.0.27-beta.0 - @web3-react/metamask@^8.0.30-beta.0 - @web3-react/walletconnect@^8.0.37-beta.0
Workarounds
N/A
References
N/A
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@web3-react/coinbase-wallet"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.0.35-beta.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 8.0.27-beta.0"
},
"package": {
"ecosystem": "npm",
"name": "@web3-react/eip1193"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.0.27-beta"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@web3-react/metamask"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.0.30-beta.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@web3-react/walletconnect"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "8.0.37-beta.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-30543"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-18T22:29:53Z",
"nvd_published_at": "2023-04-17T22:15:10Z",
"severity": "MODERATE"
},
"details": "### Impact\n`chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect.\n\nFor example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This is a common approach when using other foundational libraries like [`ethers`](https://github.com/ethers-io/ethers.js), and most users of v8 will want to upgrade past the affected versions.\n\n### Patches\nPatched in https://github.com/Uniswap/web3-react/pull/749.\nUsers of web3-react@8.0.x-beta.0 should upgrade to at least:\n - @web3-react/coinbase-wallet@^8.0.35-beta.0\n - @web3-react/eip1193@^8.0.27-beta.0\n - @web3-react/metamask@^8.0.30-beta.0\n - @web3-react/walletconnect@^8.0.37-beta.0\n\n### Workarounds\nN/A\n\n### References\nN/A\n",
"id": "GHSA-8pf3-6fgr-3g3g",
"modified": "2023-04-18T22:29:53Z",
"published": "2023-04-18T22:29:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30543"
},
{
"type": "WEB",
"url": "https://github.com/Uniswap/web3-react/pull/749"
},
{
"type": "PACKAGE",
"url": "https://github.com/Uniswap/web3-react"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "`chainId` may be outdated if user changes chains as part of connection in @web3-react"
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.