CWE-667
Allowed-with-ReviewImproper Locking
Abstraction: Class · Status: Draft
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
693 vulnerabilities reference this CWE, most recent first.
GHSA-VW3G-79H8-V7F8
Vulnerability from github – Published: 2024-03-01 00:30 – Updated: 2024-12-10 21:30In the Linux kernel, the following vulnerability has been resolved:
soc/tegra: regulators: Fix locking up when voltage-spread is out of range
Fix voltage coupler lockup which happens when voltage-spread is out of range due to a bug in the code. The max-spread requirement shall be accounted when CPU regulator doesn't have consumers. This problem is observed on Tegra30 Ouya game console once system-wide DVFS is enabled in a device-tree.
{
"affected": [],
"aliases": [
"CVE-2021-47067"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-29T23:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: regulators: Fix locking up when voltage-spread is out of range\n\nFix voltage coupler lockup which happens when voltage-spread is out\nof range due to a bug in the code. The max-spread requirement shall be\naccounted when CPU regulator doesn\u0027t have consumers. This problem is\nobserved on Tegra30 Ouya game console once system-wide DVFS is enabled\nin a device-tree.",
"id": "GHSA-vw3g-79h8-v7f8",
"modified": "2024-12-10T21:30:51Z",
"published": "2024-03-01T00:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47067"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a1ad124c836816fac8bd5e461d36eaf33cee4e24"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc4452867200fa94589b382740952b58aa1c3e6c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ef85bb582c41524e9e68dfdbde48e519dac4ab3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ff39adf5d31c72025bba799aec69c5c86d81d549"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW3M-PVF6-GXW8
Vulnerability from github – Published: 2024-04-17 12:32 – Updated: 2024-04-29 21:30In the Linux kernel, the following vulnerability has been resolved:
block: fix deadlock between bd_link_disk_holder and partition scan
'open_mutex' of gendisk is used to protect open/close block devices. But in bd_link_disk_holder(), it is used to protect the creation of symlink between holding disk and slave bdev, which introduces some issues.
When bd_link_disk_holder() is called, the driver is usually in the process of initialization/modification and may suspend submitting io. At this time, any io hold 'open_mutex', such as scanning partitions, can cause deadlocks. For example, in raid:
T1 T2 bdev_open_by_dev lock open_mutex [1] ... efi_partition ... md_submit_bio md_ioctl mddev_syspend -> suspend all io md_add_new_disk bind_rdev_to_array bd_link_disk_holder try lock open_mutex [2] md_handle_request -> wait mddev_resume
T1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume mddev, but T2 waits for open_mutex held by T1. Deadlock occurs.
Fix it by introducing a local mutex 'blk_holder_mutex' to replace 'open_mutex'.
{
"affected": [],
"aliases": [
"CVE-2024-26899"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:10Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix deadlock between bd_link_disk_holder and partition scan\n\n\u0027open_mutex\u0027 of gendisk is used to protect open/close block devices. But\nin bd_link_disk_holder(), it is used to protect the creation of symlink\nbetween holding disk and slave bdev, which introduces some issues.\n\nWhen bd_link_disk_holder() is called, the driver is usually in the process\nof initialization/modification and may suspend submitting io. At this\ntime, any io hold \u0027open_mutex\u0027, such as scanning partitions, can cause\ndeadlocks. For example, in raid:\n\nT1 T2\nbdev_open_by_dev\n lock open_mutex [1]\n ...\n efi_partition\n ...\n md_submit_bio\n\t\t\t\tmd_ioctl mddev_syspend\n\t\t\t\t -\u003e suspend all io\n\t\t\t\t md_add_new_disk\n\t\t\t\t bind_rdev_to_array\n\t\t\t\t bd_link_disk_holder\n\t\t\t\t try lock open_mutex [2]\n md_handle_request\n -\u003e wait mddev_resume\n\nT1 scan partition, T2 add a new device to raid. T1 waits for T2 to resume\nmddev, but T2 waits for open_mutex held by T1. Deadlock occurs.\n\nFix it by introducing a local mutex \u0027blk_holder_mutex\u0027 to replace\n\u0027open_mutex\u0027.",
"id": "GHSA-vw3m-pvf6-gxw8",
"modified": "2024-04-29T21:30:33Z",
"published": "2024-04-17T12:32:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26899"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/03f12122b20b6e6028e9ed69030a49f9cffcbb75"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e5c5b0abaee7b62a10b9707a62083b71ad21f62"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a87c1f7993bc8ac358a3766bac5dc7126e01e98"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW8Q-74W5-57VQ
Vulnerability from github – Published: 2026-06-18 15:32 – Updated: 2026-06-18 18:35[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is, however, not providing any fairness. This is CVE-2026-42489.
Furthermore, with XSM/Flask in use, the lock acquire will, for some operations, occur ahead of any permission checking. This is CVE-2026-42490.
{
"affected": [],
"aliases": [
"CVE-2026-42489"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-18T14:17:25Z",
"severity": "MODERATE"
},
"details": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nTo create and manage guests, domctl operations are used by the control\ndomain, a possible Xenstore domain, or by a domain controlling a\nparticular guest. Some of these operations may not be executed in\nparallel, so a system-wide lock is used. The way that lock is acquired\nis, however, not providing any fairness. This is CVE-2026-42489.\n\nFurthermore, with XSM/Flask in use, the lock acquire will, for some\noperations, occur ahead of any permission checking. This is\nCVE-2026-42490.",
"id": "GHSA-vw8q-74w5-57vq",
"modified": "2026-06-18T18:35:21Z",
"published": "2026-06-18T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42489"
},
{
"type": "WEB",
"url": "https://xenbits.xenproject.org/xsa/advisory-492.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX82-3VMH-HC4Q
Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2024-05-03 00:30MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
{
"affected": [],
"aliases": [
"CVE-2022-31621"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-25T21:15:00Z",
"severity": "MODERATE"
},
"details": "MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt-\u003edest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.",
"id": "GHSA-vx82-3vmh-hc4q",
"modified": "2024-05-03T00:30:43Z",
"published": "2022-05-26T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31621"
},
{
"type": "WEB",
"url": "https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26561"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26574"
},
{
"type": "WEB",
"url": "https://jira.mariadb.org/browse/MDEV-26574?filter=-2"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220707-0006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VXC2-696Q-6C9J
Vulnerability from github – Published: 2022-05-02 00:08 – Updated: 2024-02-15 21:31fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
{
"affected": [],
"aliases": [
"CVE-2008-4302"
],
"database_specific": {
"cwe_ids": [
"CWE-667",
"CWE-755"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-09-29T17:17:00Z",
"severity": "MODERATE"
},
"details": "fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.",
"id": "GHSA-vxc2-696q-6c9j",
"modified": "2024-02-15T21:31:23Z",
"published": "2022-05-02T00:08:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4302"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=462434"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45191"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10547"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git%3Ba=commit%3Bh=6a860c979b35469e4d77da781a96bdb2ca05ae64"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=6a860c979b35469e4d77da781a96bdb2ca05ae64"
},
{
"type": "WEB",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"type": "WEB",
"url": "http://lkml.org/lkml/2007/7/20/168"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32237"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32485"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32759"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1653"
},
{
"type": "WEB",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln31201.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/10"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31201"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W2CG-9W9F-WHQW
Vulnerability from github – Published: 2026-05-26 18:31 – Updated: 2026-05-26 18:31NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-24182"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-26T18:16:37Z",
"severity": "MODERATE"
},
"details": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.",
"id": "GHSA-w2cg-9w9f-whqw",
"modified": "2026-05-26T18:31:48Z",
"published": "2026-05-26T18:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24182"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W36H-73V6-WG8Q
Vulnerability from github – Published: 2024-05-17 15:31 – Updated: 2025-01-10 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call.
{
"affected": [],
"aliases": [
"CVE-2024-35786"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T13:15:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf\n\nIf VM_BIND is enabled on the client the legacy submission ioctl can\u0027t be\nused, however if a client tries to do so regardless it will return an\nerror. In this case the clients mutex remained unlocked leading to a\ndeadlock inside nouveau_drm_postclose or any other nouveau ioctl call.",
"id": "GHSA-w36h-73v6-wg8q",
"modified": "2025-01-10T18:31:37Z",
"published": "2024-05-17T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35786"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W3QV-8X8P-58Q9
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-20044"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:26Z",
"severity": "MODERATE"
},
"details": "Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-w3qv-8x8p-58q9",
"modified": "2025-08-12T18:31:29Z",
"published": "2025-08-12T18:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20044"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01245.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W447-HXJ8-XQ6P
Vulnerability from github – Published: 2026-06-03 18:33 – Updated: 2026-07-04 12:30In the Linux kernel, the following vulnerability has been resolved:
regulator: core: fix locking in regulator_resolve_supply() error path
If late enabling of a supply regulator fails in regulator_resolve_supply(), the code currently triggers a lockdep warning:
WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596
...
Call trace:
_regulator_put+0x80/0xa0 (P)
regulator_resolve_supply+0x7cc/0xbe0
regulator_register_resolve_supply+0x28/0xb8
as the regulator_list_mutex must be held when calling _regulator_put().
To solve this, simply switch to using regulator_put().
While at it, we should also make sure that no concurrent access happens to our rdev while we clear out the supply pointer. Add appropriate locking to ensure that.
While the code in question will be removed altogether in a follow-up commit, I believe it is still beneficial to have this corrected before removal for future reference.
{
"affected": [],
"aliases": [
"CVE-2026-46252"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-03T18:16:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: fix locking in regulator_resolve_supply() error path\n\nIf late enabling of a supply regulator fails in\nregulator_resolve_supply(), the code currently triggers a lockdep\nwarning:\n\n WARNING: drivers/regulator/core.c:2649 at _regulator_put+0x80/0xa0, CPU#6: kworker/u32:4/596\n ...\n Call trace:\n _regulator_put+0x80/0xa0 (P)\n regulator_resolve_supply+0x7cc/0xbe0\n regulator_register_resolve_supply+0x28/0xb8\n\nas the regulator_list_mutex must be held when calling _regulator_put().\n\nTo solve this, simply switch to using regulator_put().\n\nWhile at it, we should also make sure that no concurrent access happens\nto our rdev while we clear out the supply pointer. Add appropriate\nlocking to ensure that.\n\nWhile the code in question will be removed altogether in a follow-up\ncommit, I believe it is still beneficial to have this corrected before\nremoval for future reference.",
"id": "GHSA-w447-hxj8-xq6p",
"modified": "2026-07-04T12:30:27Z",
"published": "2026-06-03T18:33:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46252"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b7fffd7a8984a1c009f668765ee7631fd6b87c8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/497330b203d2c59c5ff3fa4c34d14494d7203bc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/60747114fd2a38739130b715e7b2d40ce848f0be"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8a2eab1166bc33ee38ca371cff425bdb5681e47"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bde74af8d4466213007bdd42cc85fa72c861dea7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c66e0db0f37290b53c57994f998bb55590364fd0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c84860dac7af7dc3c3e3c9ae86d65e222c2f3b0c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e77357dc2293283fc08a485b1e2e571d91d02622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W4WX-WMGH-4Q7X
Vulnerability from github – Published: 2023-06-06 15:30 – Updated: 2024-04-04 04:35In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.
{
"affected": [],
"aliases": [
"CVE-2023-20733"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T13:15:12Z",
"severity": "MODERATE"
},
"details": "In vcu, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645149.",
"id": "GHSA-w4wx-wmgh-4q7x",
"modified": "2024-04-04T04:35:23Z",
"published": "2023-06-06T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20733"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/June-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Use industry standard APIs to implement locking mechanism.
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-27: Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.