CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2902 vulnerabilities reference this CWE, most recent first.
GHSA-96FH-G7CH-V87P
Vulnerability from github – Published: 2026-01-14 03:30 – Updated: 2026-01-14 03:30Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2025-68956"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T02:15:50Z",
"severity": "HIGH"
},
"details": "Multi-thread race condition vulnerability in the card framework module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-96fh-g7ch-v87p",
"modified": "2026-01-14T03:30:25Z",
"published": "2026-01-14T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68956"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2026/1"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96GR-7MGW-2637
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order in which things are initialised, this is not guaranteed to be the case, because the device is exposed to the USB subsystem before the ath9k driver initialisation is completed.
We already committed a partial fix for this in commit: 8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()")
However, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event tasklet, pairing it with an "initialisation complete" bit in the TX struct. It seems syzbot managed to trigger the race for one of the other commands as well, so let's just move the existing synchronisation bit to cover the whole tasklet (setting it at the end of ath9k_htc_probe_device() instead of inside ath9k_tx_init()).
{
"affected": [],
"aliases": [
"CVE-2024-26897"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e (\"ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()\")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an \"initialisation complete\" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let\u0027s just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init()).",
"id": "GHSA-96gr-7mgw-2637",
"modified": "2026-05-12T12:31:38Z",
"published": "2024-04-17T12:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26897"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bc5461a21c56a36e2a7d81e152b90ce019a3905"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24355fcb0d4cbcb6ddda262596558e8cfba70f11"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4afa0246656d5680c8a4c3fb37ba6570c4ab819b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74d0639261dd795dce958d1b14815bdcbb48a715"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a015fbf698c8957aa5fbeefc5c59dd2cf3107298"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ac90e22e735bac44f74b5161fb096fbeb0ff8bc2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f8ff4b4df71e87f609be0cc37d92e918107f9b90"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96W3-P368-4H8C
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-06-13 18:17ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.
This was fixed by serializing access to an interned object while it is being deallocated.
Versions prior to 0.3.12 used stronger locking which avoided the problem.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "internment"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.12"
},
{
"fixed": "0.4.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35874"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:19:06Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "ArcIntern::drop has a race condition where it can release memory which is about to get another user. The new user will get a reference to freed memory.\n\nThis was fixed by serializing access to an interned object while it is being deallocated.\n\nVersions prior to 0.3.12 used stronger locking which avoided the problem.",
"id": "GHSA-96w3-p368-4h8c",
"modified": "2023-06-13T18:17:00Z",
"published": "2021-08-25T20:46:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35874"
},
{
"type": "WEB",
"url": "https://github.com/droundy/internment/issues/11"
},
{
"type": "PACKAGE",
"url": "https://github.com/droundy/internment"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use after free in internment"
}
GHSA-96W4-H9HJ-8C4V
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-12-07 00:30In the Linux kernel, the following vulnerability has been resolved:
block: fix race between set_blocksize and read paths
With the new large sector size support, it's now the case that set_blocksize can change i_blksize and the folio order in a manner that conflicts with a concurrent reader and causes a kernel crash.
Specifically, let's say that udev-worker calls libblkid to detect the labels on a block device. The read call can create an order-0 folio to read the first 4096 bytes from the disk. But then udev is preempted.
Next, someone tries to mount an 8k-sectorsize filesystem from the same block device. The filesystem calls set_blksize, which sets i_blksize to 8192 and the minimum folio order to 1.
Now udev resumes, still holding the order-0 folio it allocated. It then tries to schedule a read bio and do_mpage_readahead tries to create bufferheads for the folio. Unfortunately, blocks_per_folio == 0 because the page size is 4096 but the blocksize is 8192 so no bufferheads are attached and the bh walk never sets bdev. We then submit the bio with a NULL block device and crash.
Therefore, truncate the page cache after flushing but before updating i_blksize. However, that's not enough -- we also need to lock out file IO and page faults during the update. Take both the i_rwsem and the invalidate_lock in exclusive mode for invalidations, and in shared mode for read/write operations.
I don't know if this is the correct fix, but xfs/259 found it.
{
"affected": [],
"aliases": [
"CVE-2025-38073"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix race between set_blocksize and read paths\n\nWith the new large sector size support, it\u0027s now the case that\nset_blocksize can change i_blksize and the folio order in a manner that\nconflicts with a concurrent reader and causes a kernel crash.\n\nSpecifically, let\u0027s say that udev-worker calls libblkid to detect the\nlabels on a block device. The read call can create an order-0 folio to\nread the first 4096 bytes from the disk. But then udev is preempted.\n\nNext, someone tries to mount an 8k-sectorsize filesystem from the same\nblock device. The filesystem calls set_blksize, which sets i_blksize to\n8192 and the minimum folio order to 1.\n\nNow udev resumes, still holding the order-0 folio it allocated. It then\ntries to schedule a read bio and do_mpage_readahead tries to create\nbufferheads for the folio. Unfortunately, blocks_per_folio == 0 because\nthe page size is 4096 but the blocksize is 8192 so no bufferheads are\nattached and the bh walk never sets bdev. We then submit the bio with a\nNULL block device and crash.\n\nTherefore, truncate the page cache after flushing but before updating\ni_blksize. However, that\u0027s not enough -- we also need to lock out file\nIO and page faults during the update. Take both the i_rwsem and the\ninvalidate_lock in exclusive mode for invalidations, and in shared mode\nfor read/write operations.\n\nI don\u0027t know if this is the correct fix, but xfs/259 found it.",
"id": "GHSA-96w4-h9hj-8c4v",
"modified": "2025-12-07T00:30:55Z",
"published": "2025-06-18T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38073"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/311427c9384d93ce01f6375a83f93c1c18f7cabe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64f505b08e0cfd8163491c8c082d4f47a88e51d4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8c5cf440a378801d313eb58be996fdc81a8878a4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a0caf1de97e1edd7f3451f1818ea6cb970495fc5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0e473a0d226479e8e925d5ba93f751d8df628e9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-96WC-W7P5-G6WJ
Vulnerability from github – Published: 2025-01-08 03:30 – Updated: 2025-01-08 03:30Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2024-56441"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-08T03:15:09Z",
"severity": "MODERATE"
},
"details": "Race condition vulnerability in the Bastet module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-96wc-w7p5-g6wj",
"modified": "2025-01-08T03:30:24Z",
"published": "2025-01-08T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56441"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2025/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-976W-RFCM-5CFG
Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
{
"affected": [],
"aliases": [
"CVE-2024-27876"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T00:15:48Z",
"severity": "HIGH"
},
"details": "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.",
"id": "GHSA-976w-rfcm-5cfg",
"modified": "2025-11-04T18:31:19Z",
"published": "2024-09-17T00:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27876"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121234"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121238"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121246"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121247"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121249"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121250"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/32"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/36"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/39"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/40"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-97JV-XF89-QX5J
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-07-11 15:30In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-32899"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T21:15:54Z",
"severity": "HIGH"
},
"details": "In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-97jv-xf89-qx5j",
"modified": "2024-07-11T15:30:43Z",
"published": "2024-06-13T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32899"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97PM-8R38-GFM3
Vulnerability from github – Published: 2023-06-19 00:30 – Updated: 2024-04-04 04:55An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
{
"affected": [],
"aliases": [
"CVE-2023-35823"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-18T22:15:09Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.",
"id": "GHSA-97pm-8r38-gfm3",
"modified": "2024-04-04T04:55:45Z",
"published": "2023-06-19T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35823"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947%40xs4all.nl"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz%40163.com/t"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz@163.com/t"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230803-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-97RM-MR46-24CW
Vulnerability from github – Published: 2022-05-14 03:04 – Updated: 2022-05-14 03:04Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.
{
"affected": [],
"aliases": [
"CVE-2018-5859"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-06T19:29:00Z",
"severity": "HIGH"
},
"details": "Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur.",
"id": "GHSA-97rm-mr46-24cw",
"modified": "2022-05-14T03:04:28Z",
"published": "2022-05-14T03:04:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5859"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-07-01"
},
{
"type": "WEB",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=36400a7fa3753028a3bf89a9cdb28c5e25693c59"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-983H-W38C-CWJW
Vulnerability from github – Published: 2023-04-11 21:31 – Updated: 2023-04-11 21:31Windows Clip Service Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-28273"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-11T21:15:00Z",
"severity": "HIGH"
},
"details": "Windows Clip Service Elevation of Privilege Vulnerability",
"id": "GHSA-983h-w38c-cwjw",
"modified": "2023-04-11T21:31:00Z",
"published": "2023-04-11T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28273"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.