CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2915 vulnerabilities reference this CWE, most recent first.
GHSA-M8R7-5C4P-R8G4
Vulnerability from github – Published: 2023-07-11 18:31 – Updated: 2025-03-06 18:30A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.
{
"affected": [],
"aliases": [
"CVE-2023-3108"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-11T16:15:12Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the subsequent get_user_pages_fast in the Linux kernel\u2019s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.",
"id": "GHSA-m8r7-5c4p-r8g4",
"modified": "2025-03-06T18:30:54Z",
"published": "2023-07-11T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3108"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/9399f0c51489ae8c16d6559b82a452fdc1895e91"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-3108"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8RH-94H3-QVH3
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-12 21:31A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2026-28830"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T21:18:51Z",
"severity": "MODERATE"
},
"details": "A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.",
"id": "GHSA-m8rh-94h3-qvh3",
"modified": "2026-05-12T21:31:32Z",
"published": "2026-05-11T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28830"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126794"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M8WV-9HR6-J68W
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-05 18:30In the Linux kernel, the following vulnerability has been resolved:
mm/ksm: fix race with VMA iteration and mm_struct teardown
exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held in write mode. Ensure that the maple tree is still valid by checking ksm_test_exit() after taking the mmap_lock in read mode, but before the for_each_vma() iterator dereferences a destroyed maple tree.
Since the maple tree is destroyed, the flags telling lockdep to check an external lock has been cleared. Skip the for_each_vma() iterator to avoid dereferencing a maple tree without the external lock flag, which would create a lockdep warning.
{
"affected": [],
"aliases": [
"CVE-2023-53614"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ksm: fix race with VMA iteration and mm_struct teardown\n\nexit_mmap() will tear down the VMAs and maple tree with the mmap_lock held\nin write mode. Ensure that the maple tree is still valid by checking\nksm_test_exit() after taking the mmap_lock in read mode, but before the\nfor_each_vma() iterator dereferences a destroyed maple tree.\n\nSince the maple tree is destroyed, the flags telling lockdep to check an\nexternal lock has been cleared. Skip the for_each_vma() iterator to avoid\ndereferencing a maple tree without the external lock flag, which would\ncreate a lockdep warning.",
"id": "GHSA-m8wv-9hr6-j68w",
"modified": "2026-02-05T18:30:29Z",
"published": "2025-10-04T18:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53614"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/286b0cab31bac29960e5684f6fb331d42f03b363"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6db504ce55bdbc575723938fc480713c9183f6a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4f664ffd8f78c05a1fd542a28bc5a11e994c014"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M952-G76M-Q58H
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30603"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-26T18:15:00Z",
"severity": "HIGH"
},
"details": "Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-m952-g76m-q58h",
"modified": "2022-05-24T19:12:15Z",
"published": "2022-05-24T19:12:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30603"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1233564"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5LVY4WIWTVVYKQMROJJS365TZBKEARCF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJPUSAWIJMQFBQQQYXAICLI4EKFQOH6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QW4R2K5HVJ4R6XDZYOJCCFPIN2XHNS3L"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164259/Chrome-HRTFDatabaseLoader-WaitForLoaderThreadCompletion-Data-Race.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-M983-V2FF-WQ65
Vulnerability from github – Published: 2026-03-30 17:40 – Updated: 2026-03-31 18:51Impact
When multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber's filter removes a protected field, subsequent subscribers may receive the already-filtered object. This can cause protected fields and authentication data to leak to clients that should not see them, or cause clients that should see the data to receive an incomplete object.
Additionally, when an afterEvent Cloud Code trigger is registered, one subscriber's trigger modifications can leak to other subscribers through the same shared mutable state.
Any Parse Server deployment using LiveQuery with protected fields or afterEvent triggers is affected when multiple clients subscribe to the same class.
Patches
The fix deep-clones the shared objects at the start of each subscriber's processing callback, ensuring each subscriber works on an independent copy. Additionally, a bug was fixed where master key LiveQuery clients could not receive events on classes with protected fields due to an incorrect type passed to the sensitive data filter.
Workarounds
There is no known workaround.
Resources
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65
- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10330
- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10331
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0"
},
{
"fixed": "9.7.0-alpha.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.6.65"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-34363"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-30T17:40:59Z",
"nvd_published_at": "2026-03-31T15:16:18Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWhen multiple clients subscribe to the same class via LiveQuery, the event handlers process each subscriber concurrently using shared mutable objects. The sensitive data filter modifies these shared objects in-place, so when one subscriber\u0027s filter removes a protected field, subsequent subscribers may receive the already-filtered object. This can cause protected fields and authentication data to leak to clients that should not see them, or cause clients that should see the data to receive an incomplete object.\n\nAdditionally, when an afterEvent Cloud Code trigger is registered, one subscriber\u0027s trigger modifications can leak to other subscribers through the same shared mutable state.\n\nAny Parse Server deployment using LiveQuery with protected fields or afterEvent triggers is affected when multiple clients subscribe to the same class.\n\n### Patches\n\nThe fix deep-clones the shared objects at the start of each subscriber\u0027s processing callback, ensuring each subscriber works on an independent copy. Additionally, a bug was fixed where master key LiveQuery clients could not receive events on classes with protected fields due to an incorrect type passed to the sensitive data filter.\n\n### Workarounds\n\nThere is no known workaround.\n\n### Resources\n\n- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65\n- Fix Parse Server 9: https://github.com/parse-community/parse-server/pull/10330\n- Fix Parse Server 8: https://github.com/parse-community/parse-server/pull/10331",
"id": "GHSA-m983-v2ff-wq65",
"modified": "2026-03-31T18:51:49Z",
"published": "2026-03-30T17:40:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-m983-v2ff-wq65"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34363"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/10330"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/pull/10331"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/5834e29234593addaa0251a85f572ad4f376320b"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/776c71c3078e77d38c94937f463741793609d055"
},
{
"type": "PACKAGE",
"url": "https://github.com/parse-community/parse-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "LiveQuery protected field leak via shared mutable state across concurrent subscribers"
}
GHSA-M9GP-FQR3-W459
Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2024-11-05 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svm_bo unref operation to avoid random "use-after-free".
{
"affected": [],
"aliases": [
"CVE-2023-52825"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T16:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix a race condition of vram buffer unref in svm code\n\nprange-\u003esvm_bo unref can happen in both mmu callback and a callback after\nmigrate to system ram. Both are async call in different tasks. Sync svm_bo\nunref operation to avoid random \"use-after-free\".",
"id": "GHSA-m9gp-fqr3-w459",
"modified": "2024-11-05T18:31:59Z",
"published": "2024-05-21T18:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52825"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/709c348261618da7ed89d6c303e2ceb9e453ba74"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d43cdd22cd81a2b079e864c4321b9aba4c6af34"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c772eacbd6d0845fc922af8716bb9d29ae27b8cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fc0210720127cc6302e6d6f3de48f49c3fcf5659"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9M8-HX7M-5RV8
Vulnerability from github – Published: 2026-03-10 18:31 – Updated: 2026-03-10 18:31Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-23671"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T18:18:15Z",
"severity": "HIGH"
},
"details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-m9m8-hx7m-5rv8",
"modified": "2026-03-10T18:31:19Z",
"published": "2026-03-10T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23671"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23671"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9RV-CPGH-2JV7
Vulnerability from github – Published: 2024-01-11 00:30 – Updated: 2024-01-17 21:30A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.
{
"affected": [],
"aliases": [
"CVE-2023-42832"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-10T22:15:49Z",
"severity": "HIGH"
},
"details": "A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges.",
"id": "GHSA-m9rv-cpgh-2jv7",
"modified": "2024-01-17T21:30:20Z",
"published": "2024-01-11T00:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42832"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213843"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213844"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213845"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MC36-5M36-HJH5
Vulnerability from github – Published: 2021-08-25 20:58 – Updated: 2021-08-18 20:21An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "slock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36455"
],
"database_specific": {
"cwe_ids": [
"CWE-362",
"CWE-77"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T20:21:54Z",
"nvd_published_at": "2021-08-08T06:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock\u003cT\u003e unconditionally implements Send and Sync.",
"id": "GHSA-mc36-5m36-hjh5",
"modified": "2021-08-18T20:21:54Z",
"published": "2021-08-25T20:58:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36455"
},
{
"type": "WEB",
"url": "https://github.com/BrokenLamp/slock-rs/issues/2"
},
{
"type": "WEB",
"url": "https://github.com/BrokenLamp/slock-rs/commit/719df35f55b6cab4ca2a7f840347a06ecbd8aac6"
},
{
"type": "PACKAGE",
"url": "https://github.com/BrokenLamp/slock-rs"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/slock/RUSTSEC-2020-0135.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0135.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Data races in slock"
}
GHSA-MC52-JPM2-CQH6
Vulnerability from github – Published: 2023-01-20 16:56 – Updated: 2023-04-03 19:15Impact
Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action.
A malicious program could clear the terminal screen after permission prompt was shown and write a generic message like so:
// Expected prompt
⚠️ ┌ Deno requests read access to "./log.txt".
├ Requested by `Deno.open()` API
├ Run again with --allow-read to bypass this prompt.
└ Allow? [y/n] (y = yes, allow; n = no, deny) >
// Prompt that users would see
Do you want to continue?
This situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can’t be reliably reproduced on every try.
This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers).
Patches
The problem has been fixed in Deno v1.29.3; it is recommended all users update to this version.
Workarounds
Run with --no-prompt flag to disable interactive permission prompts.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "deno"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.29.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22499"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2023-01-20T16:56:40Z",
"nvd_published_at": "2023-01-17T21:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nMulti-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. \n\nA malicious program could clear the terminal screen after permission prompt was shown and write a generic message like so:\n```\n// Expected prompt\n\u26a0\ufe0f \u250c Deno requests read access to \"./log.txt\".\n \u251c Requested by `Deno.open()` API\n \u251c Run again with --allow-read to bypass this prompt.\n \u2514 Allow? [y/n] (y = yes, allow; n = no, deny) \u003e\n\n// Prompt that users would see\nDo you want to continue?\n```\n\nThis situation impacts users who use Web Worker API and relied on interactive permission prompt. The reproduction is very timing sensitive and can\u2019t be reliably reproduced on every try.\n\nThis problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). \n\n### Patches\n\nThe problem has been fixed in Deno v1.29.3; it is recommended all users update to this version.\n\n### Workarounds\n\nRun with `--no-prompt` flag to disable interactive permission prompts.\n",
"id": "GHSA-mc52-jpm2-cqh6",
"modified": "2023-04-03T19:15:49Z",
"published": "2023-01-20T16:56:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/denoland/deno/security/advisories/GHSA-mc52-jpm2-cqh6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22499"
},
{
"type": "WEB",
"url": "https://github.com/denoland/deno/pull/17392"
},
{
"type": "PACKAGE",
"url": "https://github.com/denoland/deno"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Deno is vulnerable to race condition via interactive permission prompt spoofing"
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.