CWE-366
AllowedRace Condition within a Thread
Abstraction: Base · Status: Draft
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.
34 vulnerabilities reference this CWE, most recent first.
GHSA-5CRW-452C-5358
Vulnerability from github – Published: 2023-10-04 21:30 – Updated: 2024-04-04 08:18A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
{
"affected": [],
"aliases": [
"CVE-2023-38537"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-04T20:15:09Z",
"severity": "MODERATE"
},
"details": "A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.",
"id": "GHSA-5crw-452c-5358",
"modified": "2024-04-04T08:18:30Z",
"published": "2023-10-04T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38537"
},
{
"type": "WEB",
"url": "https://www.whatsapp.com/security/advisories/2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-885J-XRF7-WXG5
Vulnerability from github – Published: 2025-01-14 18:31 – Updated: 2025-01-14 18:31A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
{
"affected": [],
"aliases": [
"CVE-2024-10630"
],
"database_specific": {
"cwe_ids": [
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T17:15:13Z",
"severity": "HIGH"
},
"details": "A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.",
"id": "GHSA-885j-xrf7-wxg5",
"modified": "2025-01-14T18:31:59Z",
"published": "2025-01-14T18:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10630"
},
{
"type": "WEB",
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Application-Control-Engine-CVE-2024-10630"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9M98-937V-R97X
Vulnerability from github – Published: 2024-07-17 00:32 – Updated: 2024-08-01 15:32Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-6778"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-16T22:15:07Z",
"severity": "HIGH"
},
"details": "Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)",
"id": "GHSA-9m98-937v-r97x",
"modified": "2024-08-01T15:32:03Z",
"published": "2024-07-17T00:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6778"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/341136300"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C546-8JMQ-HPRJ
Vulnerability from github – Published: 2024-06-06 21:30 – Updated: 2024-10-11 20:05A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "zenml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.55.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-2032"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-06T22:22:19Z",
"nvd_published_at": "2024-06-06T19:15:53Z",
"severity": "LOW"
},
"details": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.",
"id": "GHSA-c546-8jmq-hprj",
"modified": "2024-10-11T20:05:28Z",
"published": "2024-06-06T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2032"
},
{
"type": "WEB",
"url": "https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zenml-io/zenml"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Race condition in zenml"
}
GHSA-C9MW-VPXM-P7RQ
Vulnerability from github – Published: 2023-10-03 18:30 – Updated: 2023-11-14 21:30A flaw was found in the Linux Kernel's memory management subsytem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x.
{
"affected": [],
"aliases": [
"CVE-2023-4732"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-03T17:15:09Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the Linux Kernel\u0027s memory management subsytem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x.",
"id": "GHSA-c9mw-vpxm-p7rq",
"modified": "2023-11-14T21:30:50Z",
"published": "2023-10-03T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4732"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:6901"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7077"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7539"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4732"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FVC9-Q887-5P2H
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-06-30 03:36Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2026-23666"
],
"database_specific": {
"cwe_ids": [
"CWE-366",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:44Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in .NET Framework allows an unauthorized attacker to deny service over a network.",
"id": "GHSA-fvc9-q887-5p2h",
"modified": "2026-06-30T03:36:16Z",
"published": "2026-04-14T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23666"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-23666"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458271"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23666"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23666.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HR72-3P79-RCHW
Vulnerability from github – Published: 2023-10-04 21:30 – Updated: 2024-04-04 08:18A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
{
"affected": [],
"aliases": [
"CVE-2023-38538"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-04T20:15:10Z",
"severity": "MODERATE"
},
"details": "A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.",
"id": "GHSA-hr72-3p79-rchw",
"modified": "2024-04-04T08:18:42Z",
"published": "2023-10-04T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38538"
},
{
"type": "WEB",
"url": "https://www.whatsapp.com/security/advisories/2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JGCX-H4MG-4M6M
Vulnerability from github – Published: 2023-01-18 03:31 – Updated: 2023-01-25 18:30A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.
{
"affected": [],
"aliases": [
"CVE-2015-10067"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-18T01:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463.",
"id": "GHSA-jgcx-h4mg-4m6m",
"modified": "2023-01-25T18:30:49Z",
"published": "2023-01-18T03:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10067"
},
{
"type": "WEB",
"url": "https://github.com/oznetmaster/SSharpSmartThreadPool/commit/0e58073c831093aad75e077962e9fb55cad0dc5f"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.218463"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.218463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MC8H-8Q98-G5HR
Vulnerability from github – Published: 2023-02-24 16:23 – Updated: 2023-02-24 16:23The remove_dir_all crate is a Rust library that offers additional features over the Rust standard library fs::remove_dir_all function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.
Thanks to the Rust security team for identifying the problem and alerting us to it.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "remove_dir_all"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-366",
"CWE-367"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-24T16:23:59Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "The `remove_dir_all` crate is a Rust library that offers additional features over the Rust standard library `fs::remove_dir_all` function. It suffers the same class of failure as the code it was layering over: TOCTOU race conditions, with the ability to cause arbitrary paths to be deleted by substituting a symlink for a path after the type of the path was checked.\n\nThanks to the Rust security team for identifying the problem and alerting us to it.",
"id": "GHSA-mc8h-8q98-g5hr",
"modified": "2023-02-24T16:23:59Z",
"published": "2023-02-24T16:23:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/XAMPPRocky/remove_dir_all/security/advisories/GHSA-mc8h-8q98-g5hr"
},
{
"type": "WEB",
"url": "https://github.com/XAMPPRocky/remove_dir_all/commit/7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead"
},
{
"type": "PACKAGE",
"url": "https://github.com/XAMPPRocky/remove_dir_all"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0018.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all"
}
GHSA-PW2F-XMGC-F22M
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-07-08 15:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()
Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical section. It also will crash if an event is delivered before the srq object is finished initializing.
Use the spinlock since it isn't easy to make RCU work, use refcount_inc_not_zero() to protect against partially initialized objects, and order the refcount_set() to be after the srq is fully initialized.
{
"affected": [],
"aliases": [
"CVE-2026-46181"
],
"database_specific": {
"cwe_ids": [
"CWE-366"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:33Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()\n\nSashiko points out the radix_tree itself is RCU safe, but nothing ever\nfrees the mlx4_srq struct with RCU, and it isn\u0027t even accessed within the\nRCU critical section. It also will crash if an event is delivered before\nthe srq object is finished initializing.\n\nUse the spinlock since it isn\u0027t easy to make RCU work, use\nrefcount_inc_not_zero() to protect against partially initialized objects,\nand order the refcount_set() to be after the srq is fully initialized.",
"id": "GHSA-pw2f-xmgc-f22m",
"modified": "2026-07-08T15:31:32Z",
"published": "2026-05-28T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46181"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46181.json"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c9341307ea16b9395c2e4c9c94d8499d91fe31d0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b7833f3bce35cb0d01c1503781523c099c675f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e2a44875b6afb4add1115f7f3351dcbeb6f273d"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482532"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-46181"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36216"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35896"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35894"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:35863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34443"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34095"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33900"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25217"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25121"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:25120"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment.
Mitigation
Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.