Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2899 vulnerabilities reference this CWE, most recent first.

GHSA-WR2J-Q648-W99G

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2024-02-15 18:30
VLAI
Details

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-29368"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-28T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.",
  "id": "GHSA-wr2j-q648-w99g",
  "modified": "2024-02-15T18:30:39Z",
  "published": "2022-05-24T17:35:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29368"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c444eb564fb16645c172d550359cb3d75fe8a040"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210108-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WR76-XWC9-Q8VX

Vulnerability from github – Published: 2026-01-14 03:30 – Updated: 2026-01-14 03:30
VLAI
Details

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-68961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-14T03:15:50Z",
    "severity": "MODERATE"
  },
  "details": "Multi-thread race condition vulnerability in the camera framework module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-wr76-xwc9-q8vx",
  "modified": "2026-01-14T03:30:25Z",
  "published": "2026-01-14T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68961"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/1"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRCV-2HQ2-RHWC

Vulnerability from github – Published: 2025-08-11 06:30 – Updated: 2025-08-11 06:30
VLAI
Details

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-11T04:15:34Z",
    "severity": "HIGH"
  },
  "details": "in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.",
  "id": "GHSA-wrcv-2hq2-rhwc",
  "modified": "2025-08-11T06:30:30Z",
  "published": "2025-08-11T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25278"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-08.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRG5-4633-4GG8

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-16857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-05T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.",
  "id": "GHSA-wrg5-4633-4gg8",
  "modified": "2022-05-13T01:44:13Z",
  "published": "2022-05-13T01:44:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16857"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/BSERV-10439"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WRJW-5QVP-GQCG

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-07T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read.",
  "id": "GHSA-wrjw-5qvp-gqcg",
  "modified": "2022-05-24T17:38:10Z",
  "published": "2022-05-24T17:38:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20315"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-WV4P-JP67-JR97

Vulnerability from github – Published: 2021-08-25 20:50 – Updated: 2023-06-13 18:44
VLAI
Summary
Data races in magnetic
Details

Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "magnetic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T18:56:44Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.",
  "id": "GHSA-wv4p-jp67-jr97",
  "modified": "2023-06-13T18:44:57Z",
  "published": "2021-08-25T20:50:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35925"
    },
    {
      "type": "WEB",
      "url": "https://github.com/johnshaw/magnetic/issues/9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/johnshaw/magnetic"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0088.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Data races in magnetic"
}

GHSA-WV63-PCG9-3X4Q

Vulnerability from github – Published: 2022-05-14 00:58 – Updated: 2024-03-21 03:33
VLAI
Details

** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11191"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-12T00:29:00Z",
    "severity": "LOW"
  },
  "details": "** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.",
  "id": "GHSA-wv63-pcg9-3x4q",
  "modified": "2024-03-21T03:33:34Z",
  "published": "2022-05-14T00:58:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11191"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4006-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4006-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4007-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4007-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4008-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4008-3"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/04/03/4"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2019/04/03/4/1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/04/18/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/05/22/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107887"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WV76-PJMF-RXJC

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-10-22 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

zsmalloc: fix races between asynchronous zspage free and page migration

The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been locked can concurrently migrate off the zspage page list while lock_zspage() churns away, lock_zspage() can suffer from a few different lethal races.

It can lock a page which no longer belongs to the zspage and unsafely dereference page_private(), it can unsafely dereference a torn pointer to the next page (since there's a data race), and it can observe a spurious NULL pointer to the next page and thus not lock all of the zspage's pages (since a single page migration will reconstruct the entire page list, and create_page_chain() unconditionally zeroes out each list pointer in the process).

Fix the races by using migrate_read_lock() in lock_zspage() to synchronize with page migration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nzsmalloc: fix races between asynchronous zspage free and page migration\n\nThe asynchronous zspage free worker tries to lock a zspage\u0027s entire page\nlist without defending against page migration.  Since pages which haven\u0027t\nyet been locked can concurrently migrate off the zspage page list while\nlock_zspage() churns away, lock_zspage() can suffer from a few different\nlethal races.\n\nIt can lock a page which no longer belongs to the zspage and unsafely\ndereference page_private(), it can unsafely dereference a torn pointer to\nthe next page (since there\u0027s a data race), and it can observe a spurious\nNULL pointer to the next page and thus not lock all of the zspage\u0027s pages\n(since a single page migration will reconstruct the entire page list, and\ncreate_page_chain() unconditionally zeroes out each list pointer in the\nprocess).\n\nFix the races by using migrate_read_lock() in lock_zspage() to synchronize\nwith page migration.",
  "id": "GHSA-wv76-pjmf-rxjc",
  "modified": "2025-10-22T18:30:32Z",
  "published": "2025-10-22T18:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49554"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2505a981114dcb715f8977b8433f7540854851d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3674d8a8dadd03a447dd21069d4dacfc3399b63b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ec459c8810e658401be428d3168eacfc380bdd0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/645996efc2ae391246d595832aaa6f9d3cc338c7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ba7b7c1dad1f6503c541778f31b33f7f62eb966"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5402fb5f71f1a725f1e55d9c6799c0c7bec308f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fae05b2314b147a78fbed1dc4c645d9a66313758"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fc658c083904427abbf8f18280d517ee2668677c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVPJ-27HH-G2M4

Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30
VLAI
Details

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-11T18:15:36Z",
    "severity": "HIGH"
  },
  "details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Speech allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-wvpj-27hh-g2m4",
  "modified": "2025-11-11T18:30:20Z",
  "published": "2025-11-11T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59507"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVR5-3FWJ-8F26

Vulnerability from github – Published: 2022-05-14 03:00 – Updated: 2025-04-20 03:46
VLAI
Details

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-10T01:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.",
  "id": "GHSA-wvr5-3fwj-8f26",
  "modified": "2025-04-20T03:46:27Z",
  "published": "2022-05-14T03:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15038"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3575-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.