Common Weakness Enumeration

CWE-367

Allowed

Time-of-check Time-of-use (TOCTOU) Race Condition

Abstraction: Base · Status: Incomplete

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

1063 vulnerabilities reference this CWE, most recent first.

GHSA-G696-JHGG-FVFJ

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2024-04-04 04:46
VLAI
Details

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T17:15:12Z",
    "severity": "HIGH"
  },
  "details": "Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.",
  "id": "GHSA-g696-jhgg-fvfj",
  "modified": "2024-04-04T04:46:55Z",
  "published": "2023-06-13T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31635"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/ish_7149996-7150021-16/hpsbhf03814"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6GG-3VQF-RFRX

Vulnerability from github – Published: 2024-11-11 21:31 – Updated: 2024-11-12 18:30
VLAI
Details

UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-48322"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-11T20:15:17Z",
    "severity": "HIGH"
  },
  "details": "UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.",
  "id": "GHSA-g6gg-3vqf-rfrx",
  "modified": "2024-11-12T18:30:51Z",
  "published": "2024-11-11T21:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48322"
    },
    {
      "type": "WEB",
      "url": "https://github.com/runcodes-icmc/server/issues/12"
    },
    {
      "type": "WEB",
      "url": "https://github.com/runcodes-icmc/server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/runcodes-icmc/server/releases/tag/v1.5.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trqt/CVE-2024-48322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6RR-7JQW-C6HC

Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2025-06-12 15:31
VLAI
Details

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-12T14:15:29Z",
    "severity": "MODERATE"
  },
  "details": "An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.",
  "id": "GHSA-g6rr-7jqw-c6hc",
  "modified": "2025-06-12T15:31:22Z",
  "published": "2025-06-12T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9512"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/2683469"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/497748"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G76H-FPPR-42RM

Vulnerability from github – Published: 2025-11-04 09:31 – Updated: 2025-11-04 15:31
VLAI
Details

In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T07:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036.",
  "id": "GHSA-g76h-fppr-42rm",
  "modified": "2025-11-04T15:31:34Z",
  "published": "2025-11-04T09:31:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20740"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G77W-7799-J8HQ

Vulnerability from github – Published: 2023-12-21 21:30 – Updated: 2023-12-21 21:30
VLAI
Details

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-21T21:15:14Z",
    "severity": "MODERATE"
  },
  "details": "A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. \n",
  "id": "GHSA-g77w-7799-j8hq",
  "modified": "2023-12-21T21:30:33Z",
  "published": "2023-12-21T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6803"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.4"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.1"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.12"
    },
    {
      "type": "WEB",
      "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G89H-PFWV-VRQ2

Vulnerability from github – Published: 2025-07-31 09:32 – Updated: 2025-07-31 09:32
VLAI
Details

There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component’s state, thus bypass the original security sanitize function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-31T09:15:27Z",
    "severity": "MODERATE"
  },
  "details": "There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings\u2019 context, i.e. system-uid context, thus lead to launchAnyWhere. The core idea is to utilize the time window between the check of Intent and the use to Intent to change the target component\u2019s state, thus bypass the original security sanitize function.",
  "id": "GHSA-g89h-pfwv-vrq2",
  "modified": "2025-07-31T09:32:49Z",
  "published": "2025-07-31T09:32:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8192"
    },
    {
      "type": "WEB",
      "url": "https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60309"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G9HC-4G4X-JGP5

Vulnerability from github – Published: 2025-07-08 18:31 – Updated: 2025-07-08 18:31
VLAI
Details

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-08T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.",
  "id": "GHSA-g9hc-4g4x-jgp5",
  "modified": "2025-07-08T18:31:45Z",
  "published": "2025-07-08T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48001"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCGX-PVVC-73XM

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-11-18 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

hwmon: (ftsteutates) Fix TOCTOU race in fts_read()

In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the code accesses the shared variable data->fan_source[channel] twice without holding any locks. It is first checked against FTS_FAN_SOURCE_INVALID, and if the check passes, it is read again when used as an argument to the BIT() macro.

This creates a Time-of-Check to Time-of-Use (TOCTOU) race condition. Another thread executing fts_update_device() can modify the value of data->fan_source[channel] between the check and its use. If the value is changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the BIT() macro will be called with a large shift value (BIT(255)). A bit shift by a value greater than or equal to the type width is undefined behavior and can lead to a crash or incorrect values being returned to userspace.

Fix this by reading data->fan_source[channel] into a local variable once, eliminating the race condition. Additionally, add a bounds check to ensure the value is less than BITS_PER_LONG before passing it to the BIT() macro, making the code more robust against undefined behavior.

This possible bug was found by an experimental static analysis tool developed by our team.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38217"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:30Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (ftsteutates) Fix TOCTOU race in fts_read()\n\nIn the fts_read() function, when handling hwmon_pwm_auto_channels_temp,\nthe code accesses the shared variable data-\u003efan_source[channel] twice\nwithout holding any locks. It is first checked against\nFTS_FAN_SOURCE_INVALID, and if the check passes, it is read again\nwhen used as an argument to the BIT() macro.\n\nThis creates a Time-of-Check to Time-of-Use (TOCTOU) race condition.\nAnother thread executing fts_update_device() can modify the value of\ndata-\u003efan_source[channel] between the check and its use. If the value\nis changed to FTS_FAN_SOURCE_INVALID (0xff) during this window, the\nBIT() macro will be called with a large shift value (BIT(255)).\nA bit shift by a value greater than or equal to the type width is\nundefined behavior and can lead to a crash or incorrect values being\nreturned to userspace.\n\nFix this by reading data-\u003efan_source[channel] into a local variable\nonce, eliminating the race condition. Additionally, add a bounds check\nto ensure the value is less than BITS_PER_LONG before passing it to\nthe BIT() macro, making the code more robust against undefined behavior.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
  "id": "GHSA-gcgx-pvvc-73xm",
  "modified": "2025-11-18T15:30:40Z",
  "published": "2025-07-04T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38217"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14c9ede9ca4cd078ad76a6ab9617b81074eb58bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d646f627d3b7ed1cacca66e598af8bcd632d465"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/83e2ba8971ccd8fc08319fc7593288f070d80a76"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d95d87841d2a575bed3691884e8fedef57d7710d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF6H-XHG2-GWHX

Vulnerability from github – Published: 2023-06-14 18:30 – Updated: 2024-04-04 04:50
VLAI
Details

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-14T17:15:08Z",
    "severity": "HIGH"
  },
  "details": "Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.",
  "id": "GHSA-gf6h-xhg2-gwhx",
  "modified": "2024-04-04T04:50:32Z",
  "published": "2023-06-14T18:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31641"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/ish_6662920-6662944-16/hpsbhf03805"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF6M-9QPW-5PR4

Vulnerability from github – Published: 2022-06-15 00:00 – Updated: 2022-06-22 00:00
VLAI
Details

Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT",
  "id": "GHSA-gf6m-9qpw-5pr4",
  "modified": "2022-06-22T00:00:51Z",
  "published": "2022-06-15T00:00:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35082"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

The most basic advice for TOCTOU vulnerabilities is to not perform a check before the use. This does not resolve the underlying issue of the execution of a function on a resource whose state and identity cannot be assured, but it does help to limit the false sense of security given by the check.

Mitigation
Implementation

When the file being altered is owned by the current user and group, set the effective gid and uid to that of the current user and group when executing this statement.

Mitigation
Architecture and Design

Limit the interleaving of operations on files from multiple processes.

Mitigation
Implementation Architecture and Design

If you cannot perform operations atomically and you must share access to the resource between multiple processes or threads, then try to limit the amount of time (CPU cycles) between the check and use of the resource. This will not fix the problem, but it could make it more difficult for an attack to succeed.

Mitigation
Implementation

Recheck the resource after the use call to verify that the action was taken appropriately.

Mitigation
Architecture and Design

Ensure that some environmental locking mechanism can be used to protect resources effectively.

Mitigation
Implementation

Ensure that locking occurs before the check, as opposed to afterwards, such that the resource, as checked, is the same as it is when in use.

CAPEC-27: Leveraging Race Conditions via Symbolic Links

This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.