Common Weakness Enumeration

CWE-765

Allowed

Multiple Unlocks of a Critical Resource

Abstraction: Base · Status: Incomplete

The product unlocks a critical resource more times than intended, leading to an unexpected state in the system.

2 vulnerabilities reference this CWE, most recent first.

CVE-2024-49602 (GCVE-0-2024-49602)

Vulnerability from cvelistv5 – Published: 2024-12-09 14:22 – Updated: 2024-12-09 14:56
VLAI
Summary
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-765 - Multiple Unlocks of a Critical Resource
Assigner
References
Impacted products
Vendor Product Version
Dell PowerScale OneFS Affected: 8.2.2.x , ≤ 9.7.1.2 (semver)
Affected: 9.4.0.0 , ≤ 9.4.0.19 (semver)
Affected: 9.5.0.0 , ≤ 9.5.1.0 (semver)
Affected: 9.8.0.0
Create a notification for this product.
Date Public
2024-12-04 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T14:56:15.374641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T14:56:32.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerScale OneFS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "9.7.1.2",
              "status": "affected",
              "version": "8.2.2.x",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.4.0.19",
              "status": "affected",
              "version": "9.4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.5.1.0",
              "status": "affected",
              "version": "9.5.0.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "9.8.0.0"
            }
          ]
        }
      ],
      "datePublic": "2024-12-04T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service."
            }
          ],
          "value": "Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-765",
              "description": "CWE-765: Multiple Unlocks of a Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-09T14:22:58.153Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-in/000256645/dsa-2024-453-security-update-for-dell-powerscale-onefs-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-49602",
    "datePublished": "2024-12-09T14:22:58.153Z",
    "dateReserved": "2024-10-17T05:03:48.988Z",
    "dateUpdated": "2024-12-09T14:56:32.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-2FQ3-7C2H-3GR7

Vulnerability from github – Published: 2024-12-09 15:31 – Updated: 2024-12-09 15:31
VLAI
Details

Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667",
      "CWE-765"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-09T15:15:17Z",
    "severity": "MODERATE"
  },
  "details": "Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service.",
  "id": "GHSA-2fq3-7c2h-3gr7",
  "modified": "2024-12-09T15:31:37Z",
  "published": "2024-12-09T15:31:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49602"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-in/000256645/dsa-2024-453-security-update-for-dell-powerscale-onefs-multiple-security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the product acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.

No CAPEC attack patterns related to this CWE.