CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CVE-2018-17244 (GCVE-0-2018-17244)
Vulnerability from cvelistv5 – Published: 2018-12-20 22:00 – Updated: 2024-08-05 10:47
VLAI
Summary
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to.
Severity
No CVSS data available.
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://discuss.elastic.co/t/elastic-stack-6-4-3-… | x_refsource_MISC |
| https://www.elastic.co/community/security | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/106318 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Elastic | Elasticsearch |
Affected:
6.4.0 to 6.4.2
|
Date Public
2018-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:47:04.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "106318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106318"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "6.4.0 to 6.4.2"
}
]
}
],
"datePublic": "2018-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T10:57:01.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.elastic.co/community/security"
},
{
"name": "106318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106318"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2018-17244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_value": "6.4.0 to 6.4.2"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "106318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106318"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2018-17244",
"datePublished": "2018-12-20T22:00:00.000Z",
"dateReserved": "2018-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:47:04.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3759 (GCVE-0-2018-3759)
Vulnerability from cvelistv5 – Published: 2018-06-13 15:00 – Updated: 2024-09-16 20:26
VLAI
Summary
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.
Severity
No CVSS data available.
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/jtdowney/private_address_check… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HackerOne | private_address_check ruby gem |
Affected:
0.5.0
|
Date Public
2018-05-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "private_address_check ruby gem",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "0.5.0"
}
]
}
],
"datePublic": "2018-05-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) (CWE-362)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-13T14:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-05-03T00:00:00",
"ID": "CVE-2018-3759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "private_address_check ruby gem",
"version": {
"version_data": [
{
"version_value": "0.5.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) (CWE-362)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147",
"refsource": "MISC",
"url": "https://github.com/jtdowney/private_address_check/commit/4068228187db87fea7577f7020099399772bb147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2018-3759",
"datePublished": "2018-06-13T15:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:26:38.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14898 (GCVE-0-2019-14898)
Vulnerability from cvelistv5 – Published: 2020-05-08 13:50 – Updated: 2024-08-05 00:26
VLAI
Summary
The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
Severity
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan… | x_refsource_MISC |
| https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan… | x_refsource_MISC |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan… | x_refsource_MISC |
| https://bugs.chromium.org/p/project-zero/issues/d… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2020060… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Linux kernel | kernel |
Affected:
< 5.0.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "Linux kernel",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14898"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14898",
"datePublished": "2020-05-08T13:50:58.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18567 (GCVE-0-2019-18567)
Vulnerability from cvelistv5 – Published: 2020-02-03 17:55 – Updated: 2024-09-16 18:28
VLAI
Title
Bromium client - out of bound read results in race condition causing Kernel memory leaks or denial of service
Summary
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service.
Severity
6.1 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.bromium.com/s/article/Bromium-Sec… | x_refsource_CONFIRM |
| https://airbus-cyber-security.com/dive-into-a-ker… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bromium | Bromium client |
Affected:
4.0.3.2060
Affected: ?< 4.0.3.2060 Affected: ?>= 4.0.3.2060 Affected: < 4.1.7 Update 1 |
Date Public
2019-09-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bromium client",
"vendor": "Bromium",
"versions": [
{
"status": "affected",
"version": "4.0.3.2060"
},
{
"status": "affected",
"version": "?\u003c 4.0.3.2060"
},
{
"status": "affected",
"version": "?\u003e= 4.0.3.2060"
},
{
"status": "affected",
"version": "\u003c 4.1.7 Update 1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nicolas DELHAYE from AIRBUS"
}
],
"datePublic": "2019-09-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-04T15:10:32.000Z",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Bromium client - out of bound read results in race condition causing Kernel memory leaks or denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"DATE_PUBLIC": "2019-09-10T00:00:00.000Z",
"ID": "CVE-2019-18567",
"STATE": "PUBLIC",
"TITLE": "Bromium client - out of bound read results in race condition causing Kernel memory leaks or denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bromium client",
"version": {
"version_data": [
{
"version_value": "4.0.3.2060"
},
{
"version_value": "?\u003c 4.0.3.2060"
},
{
"version_value": "?\u003e= 4.0.3.2060"
},
{
"version_value": "\u003c 4.1.7 Update 1"
}
]
}
}
]
},
"vendor_name": "Bromium"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nicolas DELHAYE from AIRBUS"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released",
"refsource": "CONFIRM",
"url": "https://support.bromium.com/s/article/Bromium-Secure-Platform-4-1-Update-7-Released"
},
{
"name": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567",
"refsource": "MISC",
"url": "https://airbus-cyber-security.com/dive-into-a-kernel-bromium-race-condition-cve-2019-18567"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-18567",
"datePublished": "2020-02-03T17:55:36.028Z",
"dateReserved": "2019-10-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:28:52.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3016 (GCVE-0-2019-3016)
Vulnerability from cvelistv5 – Published: 2020-01-31 19:50 – Updated: 2024-09-30 15:47
VLAI
Summary
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2020/01/30/4 | mailing-listx_refsource_MLIST |
| https://lore.kernel.org/lkml/1580407316-11391-1-g… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1792167 | x_refsource_CONFIRM |
| https://git.kernel.org/linus/8c6de56a42e0c657955e… | x_refsource_CONFIRM |
| https://git.kernel.org/linus/1eff70a9abd46f175def… | x_refsource_CONFIRM |
| https://git.kernel.org/linus/917248144db5d7320655… | x_refsource_CONFIRM |
| https://git.kernel.org/linus/b043138246a41064527c… | x_refsource_CONFIRM |
| https://git.kernel.org/linus/a6bd811f1209fe1c64c9… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2020031… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4300-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4301-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://packetstormsecurity.com/files/157233/Kerne… | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4699 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel |
Affected:
4.10 to 5.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-3016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T15:00:50.015330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T15:47:55.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.10 to 5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-10T19:06:37.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-3016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "linux_kernel",
"version": {
"version_data": [
{
"version_value": "4.10 to 5.6"
}
]
}
}
]
},
"vendor_name": "linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.2/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20200130 CVE-2019-3016: information leak within a KVM guest",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/4"
},
{
"name": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini@redhat.com/",
"refsource": "CONFIRM",
"url": "https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini@redhat.com/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792167"
},
{
"name": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e"
},
{
"name": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7"
},
{
"name": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589"
},
{
"name": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796"
},
{
"name": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200313-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200313-0003/"
},
{
"name": "USN-4300-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4300-1/"
},
{
"name": "USN-4301-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4301-1/"
},
{
"name": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-3016",
"datePublished": "2020-01-31T19:50:14.000Z",
"dateReserved": "2018-12-14T00:00:00.000Z",
"dateUpdated": "2024-09-30T15:47:55.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3837 (GCVE-0-2019-3837)
Vulnerability from cvelistv5 – Published: 2019-04-11 14:37 – Updated: 2024-08-04 19:19
VLAI
Summary
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.
Severity
6.1 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Linux Foundation | kernel |
Affected:
2.6.32 as shipped in rhel-6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3837"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "The Linux Foundation",
"versions": [
{
"status": "affected",
"version": "2.6.32 as shipped in rhel-6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T18:00:59.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3837"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3837",
"datePublished": "2019-04-11T14:37:26.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:19:18.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7614 (GCVE-0-2019-7614)
Vulnerability from cvelistv5 – Published: 2019-07-30 21:15 – Updated: 2024-08-04 20:54
VLAI
Summary
A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user.
Severity
No CVSS data available.
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.elastic.co/community/security/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Elastic | Elasticsearch |
Affected:
before 7.2.1 and 6.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elastic.co/community/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elasticsearch",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "before 7.2.1 and 6.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-30T21:15:47.000Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elastic.co/community/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elasticsearch",
"version": {
"version_data": [
{
"version_value": "before 7.2.1 and 6.8.2"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition flaw was found in the response headers Elasticsearch versions before 7.2.1 and 6.8.2 returns to a request. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security/",
"refsource": "MISC",
"url": "https://www.elastic.co/community/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7614",
"datePublished": "2019-07-30T21:15:47.000Z",
"dateReserved": "2019-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10684 (GCVE-0-2020-10684)
Vulnerability from cvelistv5 – Published: 2020-03-24 00:00 – Updated: 2024-08-04 11:06
VLAI
Summary
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
Severity
7.9 (High)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202006-11 | vendor-advisory |
| https://www.debian.org/security/2021/dsa-4950 | vendor-advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-1b6ce91e37",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"
},
{
"name": "FEDORA-2020-3990f03ba3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"
},
{
"name": "FEDORA-2020-f80154b5b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"
},
{
"name": "GLSA-202006-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"name": "DSA-4950",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ansible",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "all Ansible 2.7.x versions prior to 2.7.17"
},
{
"status": "affected",
"version": "all Ansible 2.8.x versions prior to 2.8.9"
},
{
"status": "affected",
"version": "all Ansible 2.9.x versions prior to 2.9.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2020-1b6ce91e37",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/"
},
{
"name": "FEDORA-2020-3990f03ba3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/"
},
{
"name": "FEDORA-2020-f80154b5b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/"
},
{
"name": "GLSA-202006-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"name": "DSA-4950",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4950"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10684",
"datePublished": "2020-03-24T00:00:00.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10737 (GCVE-0-2020-10737)
Vulnerability from cvelistv5 – Published: 2020-05-27 00:00 – Updated: 2024-08-04 11:14
VLAI
Summary
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
Severity
6.3 (Medium)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
},
{
"tags": [
"x_transferred"
],
"url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "oddjob",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "before 0.34.5"
},
{
"status": "affected",
"version": "before 0.34.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home\u0027s user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory\u0027s unprivileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737"
},
{
"url": "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10737",
"datePublished": "2020-05-27T00:00:00.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15706 (GCVE-0-2020-15706)
Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-16 22:20
VLAI
Title
GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.
Summary
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
Severity
6.4 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Date Public
2020-07-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15706",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15706",
"datePublished": "2020-07-29T17:45:33.975Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:20:56.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Phase: Architecture and Design
Description:
- Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
Phase: Architecture and Design
Description:
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Phase: Implementation
Description:
- When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Phase: Implementation
Description:
- Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Phase: Implementation
Description:
- Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Phase: Implementation
Description:
- Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Phase: Implementation
Description:
- Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Phase: Implementation
Description:
- Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.