Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2909 vulnerabilities reference this CWE, most recent first.

GHSA-2489-GXHV-VF7C

Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-21 18:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend

In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race condition where ufshcd_rtc_work() can still be running while ufshcd_vops_suspend() is executing. When UFSHCD_CAP_CLK_GATING is not supported, the condition !hba->clk_gating.active_reqs is always true, causing ufshcd_update_rtc() to be executed. Since ufshcd_vops_suspend() typically performs clock gating operations, executing ufshcd_update_rtc() at that moment triggers an SError. The kernel panic trace is as follows:

Kernel panic - not syncing: Asynchronous SError Interrupt Call trace: dump_backtrace+0xec/0x128 show_stack+0x18/0x28 dump_stack_lvl+0x40/0xa0 dump_stack+0x18/0x24 panic+0x148/0x374 nmi_panic+0x3c/0x8c arm64_serror_panic+0x64/0x8c do_serror+0xc4/0xc8 el1h_64_error_handler+0x34/0x4c el1h_64_error+0x68/0x6c el1_interrupt+0x20/0x58 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x68/0x6c ktime_get+0xc4/0x12c ufshcd_mcq_sq_stop+0x4c/0xec ufshcd_mcq_sq_cleanup+0x64/0x1dc ufshcd_clear_cmd+0x38/0x134 ufshcd_issue_dev_cmd+0x298/0x4d0 ufshcd_exec_dev_cmd+0x1a4/0x1c4 ufshcd_query_attr+0xbc/0x19c ufshcd_rtc_work+0x10c/0x1c8 process_scheduled_works+0x1c4/0x45c worker_thread+0x32c/0x3e8 kthread+0x120/0x1d8 ret_from_fork+0x10/0x20

Fix this by moving cancel_delayed_work_sync() before the call to ufshcd_vops_suspend(hba, pm_op, PRE_CHANGE), ensuring the UFS RTC work is fully completed or cancelled at that point.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T15:16:53Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend\n\nIn __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel\nthe UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op,\nPOST_CHANGE). This creates a race condition where ufshcd_rtc_work() can\nstill be running while ufshcd_vops_suspend() is executing. When\nUFSHCD_CAP_CLK_GATING is not supported, the condition\n!hba-\u003eclk_gating.active_reqs is always true, causing ufshcd_update_rtc()\nto be executed. Since ufshcd_vops_suspend() typically performs clock\ngating operations, executing ufshcd_update_rtc() at that moment triggers\nan SError. The kernel panic trace is as follows:\n\nKernel panic - not syncing: Asynchronous SError Interrupt\nCall trace:\n dump_backtrace+0xec/0x128\n show_stack+0x18/0x28\n dump_stack_lvl+0x40/0xa0\n dump_stack+0x18/0x24\n panic+0x148/0x374\n nmi_panic+0x3c/0x8c\n arm64_serror_panic+0x64/0x8c\n do_serror+0xc4/0xc8\n el1h_64_error_handler+0x34/0x4c\n el1h_64_error+0x68/0x6c\n el1_interrupt+0x20/0x58\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x68/0x6c\n ktime_get+0xc4/0x12c\n ufshcd_mcq_sq_stop+0x4c/0xec\n ufshcd_mcq_sq_cleanup+0x64/0x1dc\n ufshcd_clear_cmd+0x38/0x134\n ufshcd_issue_dev_cmd+0x298/0x4d0\n ufshcd_exec_dev_cmd+0x1a4/0x1c4\n ufshcd_query_attr+0xbc/0x19c\n ufshcd_rtc_work+0x10c/0x1c8\n process_scheduled_works+0x1c4/0x45c\n worker_thread+0x32c/0x3e8\n kthread+0x120/0x1d8\n ret_from_fork+0x10/0x20\n\nFix this by moving cancel_delayed_work_sync() before the call to\nufshcd_vops_suspend(hba, pm_op, PRE_CHANGE), ensuring the UFS RTC work is\nfully completed or cancelled at that point.",
  "id": "GHSA-2489-gxhv-vf7c",
  "modified": "2026-05-21T18:33:06Z",
  "published": "2026-05-08T15:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43415"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2fcc2fc21cae7a0cbe73053f7fc70680ce2a7f69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a6a894413b043704b77a6294c379c93b1477e48d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0bd84c39289ef6a6c3827dd52c875659291970a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b17211b512cbf0e07de27e1932428ee6c20df910"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c387a8f1d3713f6b0415ece8485042d0f134b91a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-24Q4-MVC8-82FW

Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 18:31
VLAI
Details

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T23:17:24Z",
    "severity": "MODERATE"
  },
  "details": "Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
  "id": "GHSA-24q4-mvc8-82fw",
  "modified": "2026-07-01T18:31:41Z",
  "published": "2026-07-01T00:34:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14133"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/514039947"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-24RG-X9R9-X3F6

Vulnerability from github – Published: 2025-04-01 00:30 – Updated: 2025-11-04 00:32
VLAI
Details

A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-31T23:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.",
  "id": "GHSA-24rg-x9r9-x3f6",
  "modified": "2025-11-04T00:32:23Z",
  "published": "2025-04-01T00:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30444"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122373"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122374"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/122375"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Apr/10"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Apr/8"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Apr/9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-255W-8G7G-QMG6

Vulnerability from github – Published: 2026-04-03 18:31 – Updated: 2026-04-23 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix race condition during IPSec ESN update

In IPSec full offload mode, the device reports an ESN (Extended Sequence Number) wrap event to the driver. The driver validates this event by querying the IPSec ASO and checking that the esn_event_arm field is 0x0, which indicates an event has occurred. After handling the event, the driver must re-arm the context by setting esn_event_arm back to 0x1.

A race condition exists in this handling path. After validating the event, the driver calls mlx5_accel_esp_modify_xfrm() to update the kernel's xfrm state. This function temporarily releases and re-acquires the xfrm state lock.

So, need to acknowledge the event first by setting esn_event_arm to 0x1. This prevents the driver from reprocessing the same ESN update if the hardware sends events for other reason. Since the next ESN update only occurs after nearly 2^31 packets are received, there's no risk of missing an update, as it will happen long after this handling has finished.

Processing the event twice causes the ESN high-order bits (esn_msb) to be incremented incorrectly. The driver then programs the hardware with this invalid ESN state, which leads to anti-replay failures and a complete halt of IPSec traffic.

Fix this by re-arming the ESN event immediately after it is validated, before calling mlx5_accel_esp_modify_xfrm(). This ensures that any spurious, duplicate events are correctly ignored, closing the race window.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T16:16:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix race condition during IPSec ESN update\n\nIn IPSec full offload mode, the device reports an ESN (Extended\nSequence Number) wrap event to the driver. The driver validates this\nevent by querying the IPSec ASO and checking that the esn_event_arm\nfield is 0x0, which indicates an event has occurred. After handling\nthe event, the driver must re-arm the context by setting esn_event_arm\nback to 0x1.\n\nA race condition exists in this handling path. After validating the\nevent, the driver calls mlx5_accel_esp_modify_xfrm() to update the\nkernel\u0027s xfrm state. This function temporarily releases and\nre-acquires the xfrm state lock.\n\nSo, need to acknowledge the event first by setting esn_event_arm to\n0x1. This prevents the driver from reprocessing the same ESN update if\nthe hardware sends events for other reason. Since the next ESN update\nonly occurs after nearly 2^31 packets are received, there\u0027s no risk of\nmissing an update, as it will happen long after this handling has\nfinished.\n\nProcessing the event twice causes the ESN high-order bits (esn_msb) to\nbe incremented incorrectly. The driver then programs the hardware with\nthis invalid ESN state, which leads to anti-replay failures and a\ncomplete halt of IPSec traffic.\n\nFix this by re-arming the ESN event immediately after it is validated,\nbefore calling mlx5_accel_esp_modify_xfrm(). This ensures that any\nspurious, duplicate events are correctly ignored, closing the race\nwindow.",
  "id": "GHSA-255w-8g7g-qmg6",
  "modified": "2026-04-23T21:31:18Z",
  "published": "2026-04-03T18:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23440"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2051c709dce92da3550040aa7949cd5a9c89b14e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3dffc083292e6872787bd7e34b957627622f9af4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d625c15471fb8780125eaef682983a96af77bdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/96c9c25b74686ac2de15921c9ad30c5ef13af8cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/beb6e2e5976a128b0cccf10d158124422210c5ef"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-258W-3PQ9-4JH3

Vulnerability from github – Published: 2025-10-28 12:30 – Updated: 2026-02-26 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix race condition in RPC handle list access

The 'sess->rpc_handle_list' XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by 'sess->rpc_lock' (an rw_semaphore). However, the locking implementation was flawed, leading to potential race conditions.

In ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock before calling xa_store() and xa_erase(). Since these operations modify the XArray structure, a write lock is required to ensure exclusive access and prevent data corruption from concurrent modifications.

Furthermore, ksmbd_session_rpc_method() accessed the list using xa_load() without holding any lock at all. This could lead to reading inconsistent data or a potential use-after-free if an entry is concurrently removed and the pointer is dereferenced.

Fix these issues by: 1. Using down_write() and up_write() in ksmbd_session_rpc_open() to ensure exclusive access during XArray modification, and ensuring the lock is correctly released on error paths. 2. Adding down_read() and up_read() in ksmbd_session_rpc_method() to safely protect the lookup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T12:15:37Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix race condition in RPC handle list access\n\nThe \u0027sess-\u003erpc_handle_list\u0027 XArray manages RPC handles within a ksmbd\nsession. Access to this list is intended to be protected by\n\u0027sess-\u003erpc_lock\u0027 (an rw_semaphore). However, the locking implementation was\nflawed, leading to potential race conditions.\n\nIn ksmbd_session_rpc_open(), the code incorrectly acquired only a read lock\nbefore calling xa_store() and xa_erase(). Since these operations modify\nthe XArray structure, a write lock is required to ensure exclusive access\nand prevent data corruption from concurrent modifications.\n\nFurthermore, ksmbd_session_rpc_method() accessed the list using xa_load()\nwithout holding any lock at all. This could lead to reading inconsistent\ndata or a potential use-after-free if an entry is concurrently removed and\nthe pointer is dereferenced.\n\nFix these issues by:\n1. Using down_write() and up_write() in ksmbd_session_rpc_open()\n   to ensure exclusive access during XArray modification, and ensuring\n   the lock is correctly released on error paths.\n2. Adding down_read() and up_read() in ksmbd_session_rpc_method()\n   to safely protect the lookup.",
  "id": "GHSA-258w-3pq9-4jh3",
  "modified": "2026-02-26T18:31:33Z",
  "published": "2025-10-28T12:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40039"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/305853cce379407090a73b38c5de5ba748893aee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cc679ba0f4505936124cd4179ba66bb0a4bd9f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/69674b029002b1d90b655f014bdf64f404efa54d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b615a8fb3af0baf8126cde3d4fee97d57222ffc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6bd7e0e55dcea2cf0d391bbc21c2eb069b4be3e1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-259Q-J44W-V653

Vulnerability from github – Published: 2025-02-18 18:33 – Updated: 2025-02-18 18:33
VLAI
Details

An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51505"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-18T18:15:26Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.",
  "id": "GHSA-259q-j44w-v653",
  "modified": "2025-02-18T18:33:21Z",
  "published": "2025-02-18T18:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51505"
    },
    {
      "type": "WEB",
      "url": "https://eviden.com"
    },
    {
      "type": "WEB",
      "url": "https://support.bull.com/ols/product/security/psirt/security-bulletins/potential-privilege-escalation-in-idpki-psirt-1335-tlp-clear-version-2-10-cve-2024-39327-cve-2024-39328-cve-2024-51505/view"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25C8-P796-JG6R

Vulnerability from github – Published: 2023-07-11 22:45 – Updated: 2024-06-03 18:31
VLAI
Summary
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Details

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.

Discussion

Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334

Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

Affected software

  • Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier.
  • Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier.
  • Any ASP.NET Core 2.1 application consuming the package Microsoft.AspNetCore.Identity version 2.1.31 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET.

ASP.NET Core 2.1

Package name Affected version Patched version
Microsoft.AspNetCore.Identity <=2.1.39 2.1.39

Microsoft.AspNet.Identity.Owin

Package name Affected version Patched version
Microsoft.AspNet.Identity.Owin <= 2.2.3 2.2.4

ASP.NET 6.0

Package name Affected version Patched version

Microsoft.AspNetCore.App.Runtime.linux-arm | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.linux-arm64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.linux-musl-arm | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.linux-x64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.osx-arm64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.osx-x64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.win-arm | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.win-arm64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.win-x64 | <= 6.0.19 | 6.0.20 Microsoft.AspNetCore.App.Runtime.win-x86 | <= 6.0.19 | 6.0.20

ASP.NET 7.0

Package name Affected version Patched version
Microsoft.AspNetCore.App.Runtime.linux-arm <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.linux-arm64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.linux-musl-x64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.linux-x64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.osx-arm64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.osx-x64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.win-arm <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.win-arm64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.win-x64 <= 7.0.9 7.0.9
Microsoft.AspNetCore.App.Runtime.win-x86 <= 7.0.9 7.0.9

Advisory FAQ

How do I know if I am affected?

If you have a runtime or SDK with a version listed, or an affected package listed in affected software, you're exposed to the vulnerability.

How do I fix the issue?

  • To fix the issue please install the latest version of .NET 6.0 or .NET 7.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.
  • If you are using one of the affected packages, please update to the patched version listed above.
  • If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the dotnet --info command. You will see output like the following;
.NET Core SDK (reflecting any global.json):

 Version:   6.0.300
 Commit:    8473146e7d

Runtime Environment:

 OS Name:     Windows
 OS Version:  10.0.18363
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\6.0.300\

Host (useful for support):

  Version: 6.0.5
  Commit:  8473146e7d

.NET Core SDKs installed:

  6.0.300 [C:\Program Files\dotnet\sdk]

.NET Core runtimes installed:

  Microsoft.AspNetCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
  Microsoft.WindowsDesktop.App 6.0.5 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

To install additional .NET Core runtimes or SDKs:
  https://aka.ms/dotnet-download
  • If you're using .NET 7.0, you should download and install Runtime 7.0.7 or SDK 7.0.106 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.
  • If you're using .NET 6.0, you should download and install Runtime 6.0.18 or SDK 6.0.312 (for Visual Studio 2022 v17.2) from https://dotnet.microsoft.com/download/dotnet-core/6.0.
  • If you're using ASP.NET Core 2.1 and consuming the Microsoft.AspNetCore.Identity package, update that package to version 2.1.39

.NET 6.0 and and .NET 7.0 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.

Once you have installed the updated runtime or SDK, restart your apps for the update to take effect.

Additionally, if you've deployed self-contained applications targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.

Other Information

Reporting Security Issues

If you have found a potential security issue in .NET 6.0 or .NET 7.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core & .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at https://aka.ms/corebounty.

Support

You can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

External Links

CVE-2023-33170

Revisions

V1.0 (July 11, 2023): Advisory published.

Version 1.0

Last Updated 2023-07-11

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.Identity"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNet.Identity.Owin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.win-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.linux-musl-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.AspNetCore.App.Runtime.osx-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-33170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-11T22:45:20Z",
    "nvd_published_at": "2023-07-11T18:15:15Z",
    "severity": "HIGH"
  },
  "details": "# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability\n\n## Executive summary\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exist in ASP.NET  Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.\n\n## Discussion\n\nDiscussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334\n\n### Mitigation factors\n\nMicrosoft has not identified any mitigating factors for this vulnerability.\n\n## Affected software\n\n* Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier.\n* Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier.\n* Any ASP.NET Core 2.1 application consuming the package Microsoft.AspNetCore.Identity version 2.1.31 or earlier.\n\nIf your application uses the following package versions, ensure you update to the latest version of .NET.\n\n### ASP.NET Core 2.1\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[ Microsoft.AspNetCore.Identity](https://www.nuget.org/packages/Microsoft.AspNetCore.Identity/2.1.39)      | \u003c=2.1.39 | 2.1.39\n\n### Microsoft.AspNet.Identity.Owin\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[ Microsoft.AspNet.Identity.Owin](https://www.nuget.org/packages/Microsoft.AspNet.Identity.Owin)    |  \u003c= 2.2.3 | 2.2.4\n\n\n### ASP.NET 6.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)               |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)           |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)     |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)     |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)               |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)               |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)                   |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)                   |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)               |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)                   |  \u003c= 6.0.19 | 6.0.20\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)                   |  \u003c= 6.0.19 | 6.0.20\n\n\n### ASP.NET 7.0\n\nPackage name | Affected version | Patched version\n------------ | ---------------- | -------------------------\n[Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)               |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)           |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)     |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64) |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)     |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)               |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)               |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)                   |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)                   |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)               |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)                   |  \u003c= 7.0.9 | 7.0.9\n[Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)                   |  \u003c= 7.0.9 | 7.0.9\n\n\n\n## Advisory FAQ\n\n### How do I know if I am affected?\n\nIf you have a runtime or SDK with a version listed, or an affected package listed in [affected software](#affected-software), you\u0027re exposed to the vulnerability.\n\n### How do I fix the issue?\n\n* To fix the issue please install the latest version of .NET 6.0 or .NET 7.0. If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET  SDKs.\n* If you are using one of the affected packages, please update to the patched version listed above.\n* If you have .NET 6.0 or greater installed, you can list the versions you have installed by running the `dotnet --info` command. You will see output like the following;\n\n```\n.NET Core SDK (reflecting any global.json):\n\n Version:   6.0.300\n Commit:    8473146e7d\n\nRuntime Environment:\n\n OS Name:     Windows\n OS Version:  10.0.18363\n OS Platform: Windows\n RID:         win10-x64\n Base Path:   C:\\Program Files\\dotnet\\sdk\\6.0.300\\\n\nHost (useful for support):\n\n  Version: 6.0.5\n  Commit:  8473146e7d\n\n.NET Core SDKs installed:\n\n  6.0.300 [C:\\Program Files\\dotnet\\sdk]\n\n.NET Core runtimes installed:\n\n  Microsoft.AspNetCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.AspNetCore.App]\n  Microsoft.NETCore.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.NETCore.App]\n  Microsoft.WindowsDesktop.App 6.0.5 [C:\\Program Files\\dotnet\\shared\\Microsoft.WindowsDesktop.App]\n\nTo install additional .NET Core runtimes or SDKs:\n  https://aka.ms/dotnet-download\n```\n\n* If you\u0027re using .NET 7.0, you should download and install Runtime 7.0.7 or SDK 7.0.106 (for Visual Studio 2022 v17.4) from https://dotnet.microsoft.com/download/dotnet-core/7.0.\n* If you\u0027re using .NET 6.0, you should download and install Runtime 6.0.18 or SDK 6.0.312 (for Visual Studio 2022 v17.2) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n* If you\u0027re using ASP.NET Core 2.1 and consuming the Microsoft.AspNetCore.Identity package, update that package to version [2.1.39](https://www.nuget.org/packages/Microsoft.AspNetCore.Identity/2.1.39)\n\n.NET 6.0 and and .NET 7.0 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\nOnce you have installed the updated runtime or SDK, restart your apps for the update to take effect.\n\nAdditionally, if you\u0027ve deployed [self-contained applications](https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd) targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed.\n\n## Other Information\n\n### Reporting Security Issues\n\nIf you have found a potential security issue in .NET 6.0 or .NET 7.0, please email details to secure@microsoft.com. Reports may qualify for the Microsoft .NET Core \u0026 .NET 5 Bounty. Details of the Microsoft .NET Bounty Program including terms and conditions are at \u003chttps://aka.ms/corebounty\u003e.\n\n### Support\n\nYou can ask questions about this issue on GitHub in the .NET GitHub organization. The main repos are located at https://github.com/dotnet/runtime and https://github.com/dotnet/aspnet/. The Announcements repo (https://github.com/dotnet/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue. You can ask questions in the linked discussion issue.\n\n### Disclaimer\n\nThe information provided in this advisory is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\n\n### External Links\n\n[CVE-2023-33170]( https://www.cve.org/CVERecord?id=CVE-2023-33170)\n\n### Revisions\n\nV1.0 (July 11, 2023): Advisory published.\n\n_Version 1.0_\n\n_Last Updated 2023-07-11_",
  "id": "GHSA-25c8-p796-jg6r",
  "modified": "2024-06-03T18:31:17Z",
  "published": "2023-07-11T22:45:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33170"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/aspnetcore/issues/49334"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dotnet/aspnetcore"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": " Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability"
}

GHSA-25H5-VGQ2-336R

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-21231"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T18:16:23Z",
    "severity": "HIGH"
  },
  "details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows Kernel allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-25h5-vgq2-336r",
  "modified": "2026-02-10T18:30:41Z",
  "published": "2026-02-10T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21231"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21231"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-25RG-6FCP-95MQ

Vulnerability from github – Published: 2022-05-01 06:37 – Updated: 2022-05-01 06:37
VLAI
Details

Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2006-0039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-19T22:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.",
  "id": "GHSA-25rg-6fcp-95mq",
  "modified": "2022-05-01T06:37:08Z",
  "published": "2022-05-01T06:37:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0039"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26583"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10309"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=133465"
    },
    {
      "type": "WEB",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20185"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20671"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20914"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20991"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21476"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22292"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22945"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1097"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1103"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2722971cbe831117686039d5c334f2c0f560be13"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25697"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18113"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-311-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1893"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2554"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-25RP-52G6-GV8J

Vulnerability from github – Published: 2026-04-13 06:30 – Updated: 2026-04-13 06:30
VLAI
Details

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34857"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T05:16:03Z",
    "severity": "MODERATE"
  },
  "details": "UAF vulnerability in the communication module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-25rp-52g6-gv8j",
  "modified": "2026-04-13T06:30:30Z",
  "published": "2026-04-13T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34857"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.