Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2900 vulnerabilities reference this CWE, most recent first.

GHSA-8PHJ-P75X-7GV8

Vulnerability from github – Published: 2025-12-24 15:30 – Updated: 2026-02-26 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix race condition when unbinding BOs

Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free() removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind() triggers a warning in drm_mm_takedown() during context teardown.

Protect the unmapping sequence with bo_list_lock to ensure the BO is always fully unmapped when removed from the list. This ensures the BO is either fully unmapped at context teardown time or present on the list and unmapped by file_priv_unbind().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix race condition when unbinding BOs\n\nFix \u0027Memory manager not clean during takedown\u0027 warning that occurs\nwhen ivpu_gem_bo_free() removes the BO from the BOs list before it\ngets unmapped. Then file_priv_unbind() triggers a warning in\ndrm_mm_takedown() during context teardown.\n\nProtect the unmapping sequence with bo_list_lock to ensure the BO is\nalways fully unmapped when removed from the list. This ensures the BO\nis either fully unmapped at context teardown time or present on the\nlist and unmapped by file_priv_unbind().",
  "id": "GHSA-8phj-p75x-7gv8",
  "modified": "2026-02-26T21:31:25Z",
  "published": "2025-12-24T15:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68749"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/00812636df370bedf4e44a0c81b86ea96bca8628"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0328bb097bef05a796217c54b3d651cc3782827c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d71333ffdd3707d84cfb95acfaf8ba892adc066b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb16493ebd8f171bcf0772262619618a131f30f7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PPX-VMHM-CXJ7

Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2025-04-02 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: bridge: switchdev: Skip MDB replays of deferred events on offload

Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping logic or from user configuration.

While new memberships are immediately visible to walkers of br->mdb_list, the notification of their existence to switchdev event subscribers is deferred until a later point in time. So if a replay list was generated during a time that overlapped with such a window, it would also contain a replay of the not-yet-delivered event.

The driver would thus receive two copies of what the bridge internally considered to be one single event. On destruction of the bridge, only a single membership deletion event was therefore sent. As a consequence of this, drivers which reference count memberships (at least DSA), would be left with orphan groups in their hardware database when the bridge was destroyed.

This is only an issue when replaying additions. While deletion events may still be pending on the deferred queue, they will already have been removed from br->mdb_list, so no duplicates can be generated in that scenario.

To a user this meant that old group memberships, from a bridge in which a port was previously attached, could be reanimated (in hardware) when the port joined a new bridge, without the new bridge's knowledge.

For example, on an mv88e6xxx system, create a snooping bridge and immediately add a port to it:

root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \
> ip link set dev x3 up master br0

And then destroy the bridge:

root@infix-06-0b-00:~$ ip link del dev br0
root@infix-06-0b-00:~$ mvls atu
ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a
DEV:0 Marvell 88E6393X
33:33:00:00:00:6a     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .
33:33:ff:87:e4:3f     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .
ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a
root@infix-06-0b-00:~$

The two IPv6 groups remain in the hardware database because the port (x3) is notified of the host's membership twice: once via the original event and once via a replay. Since only a single delete notification is sent, the count remains at 1 when the bridge is destroyed.

Then add the same port (or another port belonging to the same hardware domain) to a new bridge, this time with snooping disabled:

root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \
> ip link set dev x3 up master br1

All multicast, including the two IPv6 groups from br0, should now be flooded, according to the policy of br1. But instead the old memberships are still active in the hardware database, causing the switch to only forward traffic to those groups towards the CPU (port 0).

Eliminate the race in two steps:

  1. Grab the write-side lock of the MDB while generating the replay list.

This prevents new memberships from showing up while we are generating the replay list. But it leaves the scenario in which a deferred event was already generated, but not delivered, before we grabbed the lock. Therefore:

  1. Make sure that no deferred version of a replay event is already enqueued to the switchdev deferred queue, before adding it to the replay list, when replaying additions.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26837"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-17T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr-\u003emdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br-\u003emdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge\u0027s\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n    root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 \u0026\u0026 \\\n    \u003e ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n    root@infix-06-0b-00:~$ ip link del dev br0\n    root@infix-06-0b-00:~$ mvls atu\n    ADDRESS             FID  STATE      Q  F  0  1  2  3  4  5  6  7  8  9  a\n    DEV:0 Marvell 88E6393X\n    33:33:00:00:00:6a     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    33:33:ff:87:e4:3f     1  static     -  -  0  .  .  .  .  .  .  .  .  .  .\n    ff:ff:ff:ff:ff:ff     1  static     -  -  0  1  2  3  4  5  6  7  8  9  a\n    root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host\u0027s membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n    root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 \u0026\u0026 \\\n    \u003e ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n   list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n   enqueued to the switchdev deferred queue, before adding it to the\n   replay list, when replaying additions.",
  "id": "GHSA-8ppx-vmhm-cxj7",
  "modified": "2025-04-02T15:30:51Z",
  "published": "2024-04-17T12:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26837"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/603be95437e7fd85ba694e75918067fb9e7754db"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dc489f86257cab5056e747344f17a164f63bff4b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e0b4c5b1d760008f1dd18c07c35af0442e54f9c8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8Q2V-67V7-6VC6

Vulnerability from github – Published: 2021-08-25 20:48 – Updated: 2023-06-13 20:48
VLAI
Summary
Data races in rocket
Details

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rocket"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.0"
            },
            {
              "fixed": "0.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:07:49Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time.",
  "id": "GHSA-8q2v-67v7-6vc6",
  "modified": "2023-06-13T20:48:27Z",
  "published": "2021-08-25T20:48:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SergioBenitez/Rocket/issues/1312"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SergioBenitez/Rocket"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Data races in rocket"
}

GHSA-8Q5C-93VG-C747

Vulnerability from github – Published: 2021-08-25 21:00 – Updated: 2021-08-19 19:03
VLAI
Summary
WITHDRAWN
Details

WITHDRAWN

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "toolshed"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-05T22:05:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "WITHDRAWN",
  "id": "GHSA-8q5c-93vg-c747",
  "modified": "2021-08-19T19:03:37Z",
  "published": "2021-08-25T21:00:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ratel-rust/toolshed/issues/12"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ratel-rust/toolshed"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0136.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "WITHDRAWN",
  "withdrawn": "2021-08-19T19:03:37Z"
}

GHSA-8Q64-WRFR-Q48C

Vulnerability from github – Published: 2021-08-25 20:59 – Updated: 2021-08-24 17:59
VLAI
Summary
Data races in model
Details

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust.

Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and care must be taken so that the testing code does not have a data race besides a race condition that is expected to be caught by the test.

Check the Rustonomicon for the difference between a data race and a general race condition.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "model"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-09T17:22:47Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "`Shared` data structure in `model` crate implements `Send` and `Sync` traits regardless of the inner type.\nThis allows safe Rust code to trigger a data race, which is undefined behavior in Rust.\n\nUsers are advised to treat `Shared` as an unsafe type.\nIt should not be used outside of the testing context,\nand care must be taken so that the testing code does not have a data race\nbesides a race condition that is expected to be caught by the test.\n\nCheck [the Rustonomicon](https://doc.rust-lang.org/nomicon/races.html) for the difference between\na data race and a general race condition.\n",
  "id": "GHSA-8q64-wrfr-q48c",
  "modified": "2021-08-24T17:59:47Z",
  "published": "2021-08-25T20:59:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/spacejam/model/issues/3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spacejam/model"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0140.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Data races in model",
  "withdrawn": "2021-08-24T17:59:47Z"
}

GHSA-8Q7V-5P8J-CFCG

Vulnerability from github – Published: 2026-05-13 21:32 – Updated: 2026-07-14 18:31
VLAI
Details

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-13T19:16:56Z",
    "severity": "MODERATE"
  },
  "details": "A race condition vulnerability in Palo Alto Networks Prisma\u00ae Browser enables a locally authenticated non-admin user to bypass certain access and data control policies.",
  "id": "GHSA-8q7v-5p8j-cfcg",
  "modified": "2026-07-14T18:31:45Z",
  "published": "2026-05-13T21:32:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0235"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0235"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8QQF-QHMM-W3CM

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2023-02-02 15:30
VLAI
Details

The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-14898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-08T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.",
  "id": "GHSA-8qqf-qhmm-w3cm",
  "modified": "2023-02-02T15:30:27Z",
  "published": "2022-05-24T17:17:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14898"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0328"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0339"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0374"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0375"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-14898"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774671"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200608-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QVJ-HVVG-8W4C

Vulnerability from github – Published: 2022-01-05 00:00 – Updated: 2023-08-08 15:31
VLAI
Details

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-20013"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-04T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.",
  "id": "GHSA-8qvj-hvvg-8w4c",
  "modified": "2023-08-08T15:31:30Z",
  "published": "2022-01-05T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20013"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8QWR-XCGG-6RCV

Vulnerability from github – Published: 2022-05-02 03:29 – Updated: 2022-05-02 03:29
VLAI
Details

Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-1894"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-07-17T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.",
  "id": "GHSA-8qwr-xcgg-6rcv",
  "modified": "2022-05-02T03:29:37Z",
  "published": "2022-05-02T03:29:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1894"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-1894"
    },
    {
      "type": "WEB",
      "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804"
    },
    {
      "type": "WEB",
      "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35868"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35886"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35896"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200907-13.xml"
    },
    {
      "type": "WEB",
      "url": "http://taviso.decsystem.org/research.html"
    },
    {
      "type": "WEB",
      "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1838"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/35721"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-804-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8QXJ-9W4F-X6Q7

Vulnerability from github – Published: 2025-03-04 09:30 – Updated: 2025-03-04 09:30
VLAI
Details

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58048"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T08:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Multi-thread problem vulnerability in the package management module\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-8qxj-9w4f-x6q7",
  "modified": "2025-03-04T09:30:39Z",
  "published": "2025-03-04T09:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58048"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.