CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2903 vulnerabilities reference this CWE, most recent first.
GHSA-C26H-GXPC-728G
Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Prevent concurrent access to IPSec ASO context
The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5e_ipsec_aso struct for each PF, which contains a shared DMA-mapped context for all ASO operations.
A race condition exists because the ASO spinlock is released before the hardware has finished processing WQE. If a second operation is initiated immediately after, it overwrites the shared context in the DMA area.
When the first operation's completion is processed later, it reads this corrupted context, leading to unexpected behavior and incorrect results.
This commit fixes the race by introducing a private context within each IPSec offload object. The shared ASO context is now copied to this private context while the ASO spinlock is held. Subsequent processing uses this saved, per-object context, ensuring its integrity is maintained.
{
"affected": [],
"aliases": [
"CVE-2026-23441"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-03T16:16:26Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent concurrent access to IPSec ASO context\n\nThe query or updating IPSec offload object is through Access ASO WQE.\nThe driver uses a single mlx5e_ipsec_aso struct for each PF, which\ncontains a shared DMA-mapped context for all ASO operations.\n\nA race condition exists because the ASO spinlock is released before\nthe hardware has finished processing WQE. If a second operation is\ninitiated immediately after, it overwrites the shared context in the\nDMA area.\n\nWhen the first operation\u0027s completion is processed later, it reads\nthis corrupted context, leading to unexpected behavior and incorrect\nresults.\n\nThis commit fixes the race by introducing a private context within\neach IPSec offload object. The shared ASO context is now copied to\nthis private context while the ASO spinlock is held. Subsequent\nprocessing uses this saved, per-object context, ensuring its integrity\nis maintained.",
"id": "GHSA-c26h-gxpc-728g",
"modified": "2026-04-23T21:31:18Z",
"published": "2026-04-03T18:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23441"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2c6a5be0aee5a44066f68a332c30650900e32ad4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6834d196107d5267dcad31b44211da7698e8f618"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99aaee927800ea00b441b607737f9f67b1899755"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99b36850d881e2d65912b2520a1c80d0fcc9429a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3db55dc0f3344b62da25b025a8396d78763b5fa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C29Q-Q85P-G9HW
Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-5198"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.",
"id": "GHSA-c29q-q85p-g9hw",
"modified": "2022-05-13T01:32:14Z",
"published": "2022-05-13T01:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5198"
},
{
"type": "WEB",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=30112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2CG-7W87-RJJV
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-13 21:31In the Linux kernel, the following vulnerability has been resolved:
ieee802154/adf7242: defer destroy_workqueue call
There is a possible race condition (use-after-free) like below
(FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) |
The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks.
To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option.
runs")
{
"affected": [],
"aliases": [
"CVE-2022-49968"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n (FREE) | (USE)\n adf7242_remove | adf7242_channel\n cancel_delayed_work_sync |\n destroy_workqueue (1) | adf7242_cmd_rx\n | mod_delayed_work (2)\n |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")",
"id": "GHSA-c2cg-7w87-rjjv",
"modified": "2025-11-13T21:31:17Z",
"published": "2025-06-18T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49968"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2G2-5FG2-7XVG
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50450"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:49Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Wireless Wide Area Network Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-c2g2-5fg2-7xvg",
"modified": "2026-07-14T18:32:24Z",
"published": "2026-07-14T18:32:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50450"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50450"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C2GH-V3PQ-CQ3C
Vulnerability from github – Published: 2022-05-17 05:24 – Updated: 2022-05-17 05:24Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-5119"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-26T03:17:00Z",
"severity": "LOW"
},
"details": "Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.",
"id": "GHSA-c2gh-v3pq-cq3c",
"modified": "2022-05-17T05:24:48Z",
"published": "2022-05-17T05:24:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-5119"
},
{
"type": "WEB",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C2H2-6J4C-32R2
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
{
"affected": [],
"aliases": [
"CVE-2013-1266"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-02-13T12:04:00Z",
"severity": "MODERATE"
},
"details": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.",
"id": "GHSA-c2h2-6j4c-32r2",
"modified": "2022-05-13T01:15:45Z",
"published": "2022-05-13T01:15:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1266"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15999"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C2HF-XQ5Q-PVF6
Vulnerability from github – Published: 2022-05-17 05:16 – Updated: 2022-05-17 05:16ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
{
"affected": [],
"aliases": [
"CVE-2012-6095"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-01-24T21:55:00Z",
"severity": "LOW"
},
"details": "ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.",
"id": "GHSA-c2hf-xq5q-pvf6",
"modified": "2022-05-17T05:16:37Z",
"published": "2022-05-17T05:16:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6095"
},
{
"type": "WEB",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3841"
},
{
"type": "WEB",
"url": "http://proftpd.org/docs/NEWS-1.3.5rc1"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51823"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2606"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/01/07/3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C2PM-4P8Q-67XH
Vulnerability from github – Published: 2022-05-17 02:01 – Updated: 2022-05-17 02:01Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.
{
"affected": [],
"aliases": [
"CVE-2011-0990"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-04-13T21:55:00Z",
"severity": "MODERATE"
},
"details": "Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action.",
"id": "GHSA-c2pm-4p8q-67xh",
"modified": "2022-05-17T02:01:31Z",
"published": "2022-05-17T02:01:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0990"
},
{
"type": "WEB",
"url": "https://github.com/mono/mono/commit/2f00e4bbb2137130845afb1b2a1e678552fc8e5c"
},
{
"type": "WEB",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=667077"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66625"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2011-04/msg00024.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2011/04/06/14"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44002"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/44076"
},
{
"type": "WEB",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/47208"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2011/0904"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-C2VW-8M72-W2VH
Vulnerability from github – Published: 2026-01-23 18:31 – Updated: 2026-04-22 15:31In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix race condition for gdev->srcu
If two drivers were calling gpiochip_add_data_with_key(), one may be traversing the srcu-protected list in gpio_name_to_desc(), meanwhile other has just added its gdev in gpiodev_add_to_list_unlocked(). This creates a non-mutexed and non-protected timeframe, when one instance is dereferencing and using &gdev->srcu, before the other has initialized it, resulting in crash:
[ 4.935481] Unable to handle kernel paging request at virtual address ffff800272bcc000 [ 4.943396] Mem abort info: [ 4.943400] ESR = 0x0000000096000005 [ 4.943403] EC = 0x25: DABT (current EL), IL = 32 bits [ 4.943407] SET = 0, FnV = 0 [ 4.943410] EA = 0, S1PTW = 0 [ 4.943413] FSC = 0x05: level 1 translation fault [ 4.943416] Data abort info: [ 4.943418] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 4.946220] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 4.955261] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 4.955268] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000038e6c000 [ 4.961449] [ffff800272bcc000] pgd=0000000000000000 [ 4.969203] , p4d=1000000039739003 [ 4.979730] , pud=0000000000000000 [ 4.980210] phandle (CPU): 0x0000005e, phandle (BE): 0x5e000000 for node "reset" [ 4.991736] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP ... [ 5.121359] pc : __srcu_read_lock+0x44/0x98 [ 5.131091] lr : gpio_name_to_desc+0x60/0x1a0 [ 5.153671] sp : ffff8000833bb430 [ 5.298440] [ 5.298443] Call trace: [ 5.298445] __srcu_read_lock+0x44/0x98 [ 5.309484] gpio_name_to_desc+0x60/0x1a0 [ 5.320692] gpiochip_add_data_with_key+0x488/0xf00 5.946419] ---[ end trace 0000000000000000 ]---
Move initialization code for gdev fields before it is added to gpio_devices, with adjacent initialization code. Adjust goto statements to reflect modified order of operations
[Bartosz: fixed a build issue, removed stray newline]
{
"affected": [],
"aliases": [
"CVE-2026-22986"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-23T16:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: fix race condition for gdev-\u003esrcu\n\nIf two drivers were calling gpiochip_add_data_with_key(), one may be\ntraversing the srcu-protected list in gpio_name_to_desc(), meanwhile\nother has just added its gdev in gpiodev_add_to_list_unlocked().\nThis creates a non-mutexed and non-protected timeframe, when one\ninstance is dereferencing and using \u0026gdev-\u003esrcu, before the other\nhas initialized it, resulting in crash:\n\n[ 4.935481] Unable to handle kernel paging request at virtual address ffff800272bcc000\n[ 4.943396] Mem abort info:\n[ 4.943400] ESR = 0x0000000096000005\n[ 4.943403] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 4.943407] SET = 0, FnV = 0\n[ 4.943410] EA = 0, S1PTW = 0\n[ 4.943413] FSC = 0x05: level 1 translation fault\n[ 4.943416] Data abort info:\n[ 4.943418] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 4.946220] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 4.955261] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 4.955268] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000038e6c000\n[ 4.961449] [ffff800272bcc000] pgd=0000000000000000\n[ 4.969203] , p4d=1000000039739003\n[ 4.979730] , pud=0000000000000000\n[ 4.980210] phandle (CPU): 0x0000005e, phandle (BE): 0x5e000000 for node \"reset\"\n[ 4.991736] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n...\n[ 5.121359] pc : __srcu_read_lock+0x44/0x98\n[ 5.131091] lr : gpio_name_to_desc+0x60/0x1a0\n[ 5.153671] sp : ffff8000833bb430\n[ 5.298440]\n[ 5.298443] Call trace:\n[ 5.298445] __srcu_read_lock+0x44/0x98\n[ 5.309484] gpio_name_to_desc+0x60/0x1a0\n[ 5.320692] gpiochip_add_data_with_key+0x488/0xf00\n 5.946419] ---[ end trace 0000000000000000 ]---\n\nMove initialization code for gdev fields before it is added to\ngpio_devices, with adjacent initialization code.\nAdjust goto statements to reflect modified order of operations\n\n[Bartosz: fixed a build issue, removed stray newline]",
"id": "GHSA-c2vw-8m72-w2vh",
"modified": "2026-04-22T15:31:31Z",
"published": "2026-01-23T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22986"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ef731547dfd73f466c5d0e52801b97191d4647f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7ac22d53d0990152b108c3f4fe30df45fcb0181"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fb674c8f1a5d8dd3113a7326030f963fa2d79c02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C35M-QV8M-73H9
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
{
"affected": [],
"aliases": [
"CVE-2015-7553"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-14T16:29:00Z",
"severity": "MODERATE"
},
"details": "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.",
"id": "GHSA-c35m-qv8m-73h9",
"modified": "2022-05-13T01:08:47Z",
"published": "2022-05-13T01:08:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7553"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:2152"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-7553"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288934"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.