CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2909 vulnerabilities reference this CWE, most recent first.
GHSA-4Q59-WCCF-6Q9R
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-13 21:31A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2026-20617"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:05Z",
"severity": "HIGH"
},
"details": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.",
"id": "GHSA-4q59-wccf-6q9r",
"modified": "2026-02-13T21:31:35Z",
"published": "2026-02-12T00:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20617"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126346"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126350"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126351"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126352"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126353"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QC6-52F6-6VGR
Vulnerability from github – Published: 2025-05-20 18:30 – Updated: 2026-02-19 18:31In the Linux kernel, the following vulnerability has been resolved:
xsk: Fix race condition in AF_XDP generic RX path
Move rx_lock from xsk_socket to xsk_buff_pool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xsk_buff_pool.
RX queue is exclusive to xsk_socket, while FILL queue can be shared between multiple sockets. This could result in race condition where two CPU cores access RX path of two different sockets sharing the same umem.
Protect both queues by acquiring spinlock in shared xsk_buff_pool.
Lock contention may be minimized in the future by some per-thread FQ buffering.
It's safe and necessary to move spin_lock_bh(rx_lock) after xsk_rcv_check(): * xs->pool and spinlock_init is synchronized by xsk_bind() -> xsk_is_bound() memory barriers. * xsk_rcv_check() may return true at the moment of xsk_release() or xsk_unbind_dev(), however this will not cause any data races or race conditions. xsk_unbind_dev() removes xdp socket from all maps and waits for completion of all outstanding rx operations. Packets in RX path will either complete safely or drop.
{
"affected": [],
"aliases": [
"CVE-2025-37920"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-20T16:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix race condition in AF_XDP generic RX path\n\nMove rx_lock from xsk_socket to xsk_buff_pool.\nFix synchronization for shared umem mode in\ngeneric RX path where multiple sockets share\nsingle xsk_buff_pool.\n\nRX queue is exclusive to xsk_socket, while FILL\nqueue can be shared between multiple sockets.\nThis could result in race condition where two\nCPU cores access RX path of two different sockets\nsharing the same umem.\n\nProtect both queues by acquiring spinlock in shared\nxsk_buff_pool.\n\nLock contention may be minimized in the future by some\nper-thread FQ buffering.\n\nIt\u0027s safe and necessary to move spin_lock_bh(rx_lock)\nafter xsk_rcv_check():\n* xs-\u003epool and spinlock_init is synchronized by\n xsk_bind() -\u003e xsk_is_bound() memory barriers.\n* xsk_rcv_check() may return true at the moment\n of xsk_release() or xsk_unbind_dev(),\n however this will not cause any data races or\n race conditions. xsk_unbind_dev() removes xdp\n socket from all maps and waits for completion\n of all outstanding rx operations. Packets in\n RX path will either complete safely or drop.",
"id": "GHSA-4qc6-52f6-6vgr",
"modified": "2026-02-19T18:31:42Z",
"published": "2025-05-20T18:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37920"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65d3c570614b892257dc58a1b202908242ecf8fd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75a240a3e8abf17b9e00b0ef0492b1bbaa932251"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/975b372313dc018b9bd6cc0d85d188787054b19e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1356ac7749cafc4e27aa62c0c4604b5dca4983e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6978c565ce33658543c637060852434b4248d30"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QF4-G53X-X6VR
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2022-05-13 01:15Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
{
"affected": [],
"aliases": [
"CVE-2013-1249"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-02-13T12:04:00Z",
"severity": "MODERATE"
},
"details": "Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.",
"id": "GHSA-4qf4-g53x-x6vr",
"modified": "2022-05-13T01:15:43Z",
"published": "2022-05-13T01:15:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1249"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-016"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16320"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4QF9-G5CF-CX9J
Vulnerability from github – Published: 2026-05-19 15:31 – Updated: 2026-05-19 18:32The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may then be freed while mappings of them would still be inserted into the guest's secondary (P2M) page tables.
{
"affected": [],
"aliases": [
"CVE-2026-23558"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T14:16:38Z",
"severity": "HIGH"
},
"details": "The adjustments made for XSA-379 as well as those subsequently becoming\nXSA-387 still left a race window, when a HVM or PVH guest does a grant\ntable version change from v2 to v1 in parallel with mapping the status\npage(s) via XENMEM_add_to_physmap. Some of the status pages may then be\nfreed while mappings of them would still be inserted into the guest\u0027s\nsecondary (P2M) page tables.",
"id": "GHSA-4qf9-g5cf-cx9j",
"modified": "2026-05-19T18:32:08Z",
"published": "2026-05-19T15:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23558"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-486.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/13"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-486.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QQJ-HC3P-XWFG
Vulnerability from github – Published: 2022-09-03 00:00 – Updated: 2022-09-09 00:00An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
{
"affected": [],
"aliases": [
"CVE-2022-39188"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-02T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",
"id": "GHSA-4qqj-hc3p-xwfg",
"modified": "2022-09-09T00:00:57Z",
"published": "2022-09-03T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39188"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2329"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4QRJ-7FXC-VHJ8
Vulnerability from github – Published: 2024-11-26 06:31 – Updated: 2024-11-26 06:31IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.
{
"affected": [],
"aliases": [
"CVE-2024-49353"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-26T04:15:05Z",
"severity": "HIGH"
},
"details": "IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash.",
"id": "GHSA-4qrj-7fxc-vhj8",
"modified": "2024-11-26T06:31:03Z",
"published": "2024-11-26T06:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49353"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7177065"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4R55-XRFW-FFX7
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2020-11262"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-09T05:15:00Z",
"severity": "HIGH"
},
"details": "A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-4r55-xrfw-ffx7",
"modified": "2022-05-24T19:04:43Z",
"published": "2022-05-24T19:04:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11262"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4R92-2GJG-4MQW
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2025-05-01 15:31There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
{
"affected": [],
"aliases": [
"CVE-2022-44563"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.",
"id": "GHSA-4r92-2gjg-4mqw",
"modified": "2025-05-01T15:31:30Z",
"published": "2022-11-10T12:01:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44563"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/11"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4RCP-9QG3-Q6JP
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.
{
"affected": [],
"aliases": [
"CVE-2020-5876"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.",
"id": "GHSA-4rcp-9qg3-q6jp",
"modified": "2022-05-24T17:17:00Z",
"published": "2022-05-24T17:17:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5876"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K32121038"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4RGV-CPG8-F3HR
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-18 15:30In the Linux kernel, the following vulnerability has been resolved:
mm/shmem, swap: fix race of truncate and swap entry split
The helper for shmem swap freeing is not handling the order of swap entries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it gets the entry order before that using xa_get_order without lock protection, and it may get an outdated order value if the entry is split or changed in other ways after the xa_get_order and before the xa_cmpxchg_irq.
And besides, the order could grow and be larger than expected, and cause truncation to erase data beyond the end border. For example, if the target entry and following entries are swapped in or freed, then a large folio was added in place and swapped out, using the same entry, the xa_cmpxchg_irq will still succeed, it's very unlikely to happen though.
To fix that, open code the Xarray cmpxchg and put the order retrieval and value checking in the same critical section. Also, ensure the order won't exceed the end border, skip it if the entry goes across the border.
Skipping large swap entries crosses the end border is safe here. Shmem truncate iterates the range twice, in the first iteration, find_lock_entries already filtered such entries, and shmem will swapin the entries that cross the end border and partially truncate the folio (split the folio or at least zero part of it). So in the second loop here, if we see a swap entry that crosses the end order, it must at least have its content erased already.
I observed random swapoff hangs and kernel panics when stress testing ZSWAP with shmem. After applying this patch, all problems are gone.
{
"affected": [],
"aliases": [
"CVE-2026-23161"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T16:15:56Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/shmem, swap: fix race of truncate and swap entry split\n\nThe helper for shmem swap freeing is not handling the order of swap\nentries correctly. It uses xa_cmpxchg_irq to erase the swap entry, but it\ngets the entry order before that using xa_get_order without lock\nprotection, and it may get an outdated order value if the entry is split\nor changed in other ways after the xa_get_order and before the\nxa_cmpxchg_irq.\n\nAnd besides, the order could grow and be larger than expected, and cause\ntruncation to erase data beyond the end border. For example, if the\ntarget entry and following entries are swapped in or freed, then a large\nfolio was added in place and swapped out, using the same entry, the\nxa_cmpxchg_irq will still succeed, it\u0027s very unlikely to happen though.\n\nTo fix that, open code the Xarray cmpxchg and put the order retrieval and\nvalue checking in the same critical section. Also, ensure the order won\u0027t\nexceed the end border, skip it if the entry goes across the border.\n\nSkipping large swap entries crosses the end border is safe here. Shmem\ntruncate iterates the range twice, in the first iteration,\nfind_lock_entries already filtered such entries, and shmem will swapin the\nentries that cross the end border and partially truncate the folio (split\nthe folio or at least zero part of it). So in the second loop here, if we\nsee a swap entry that crosses the end order, it must at least have its\ncontent erased already.\n\nI observed random swapoff hangs and kernel panics when stress testing\nZSWAP with shmem. After applying this patch, all problems are gone.",
"id": "GHSA-4rgv-cpg8-f3hr",
"modified": "2026-03-18T15:30:40Z",
"published": "2026-02-14T18:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23161"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8a1968bd997f45a9b11aefeabdd1232e1b6c7184"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a99f9a4669a04662c8f9efe0e62cafc598153139"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b23bee8cdb7aabce5701a7f57414db5a354ae8ed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.