Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-43467 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
network
high complexity
CWE-362
7.5
2024-09-05 CVE-2024-7627 The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function.
network
high complexity
CWE-362
8.1
2024-08-22 CVE-2022-48931 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|----------------------------------- configfs_unregister_subsystem | configfs_unregister_subsystem unlink_group | unlink_group unlink_obj | unlink_obj list_del_init | list_del_init __list_del_entry | __list_del_entry __list_del | __list_del // next == C | next->prev = prev | | next->prev = prev prev->next = next | | // prev == B | prev->next = next Fix this by adding mutex when calling link_group() or unlink_group(), but parent configfs_subsystem is NULL when config_item is root. So I create a mutex configfs_subsystem_mutex.
local
high complexity
linux CWE-362
4.7
2024-08-22 CVE-2022-48941 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some issues with concurrently handling messages from VFs while tearing down the VFs. This change was motivated by crashes caused while tearing down and bringing up VFs in rapid succession. It turns out that the fix actually introduces issues with the VF driver caused because the PF no longer responds to any messages sent by the VF during its .remove routine.
local
high complexity
linux CWE-362
4.7
2024-08-22 CVE-2022-48921 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity.
local
high complexity
linux CWE-362
4.7
2024-08-21 CVE-2022-48898 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transaction. At every irq, DP controller have to check isr status of every interrupt sources and service the interrupt if its isr status bits shows interrupts are pending.
local
high complexity
linux CWE-362
4.7
2024-08-13 CVE-2024-38136 Race Condition vulnerability in Microsoft products
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
local
high complexity
microsoft CWE-362
7.0
2024-08-13 CVE-2024-38137 Race Condition vulnerability in Microsoft products
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
local
high complexity
microsoft CWE-362
7.0
2024-08-12 CVE-2024-7589 Race Condition vulnerability in Freebsd
A signal handler in sshd(8) may call a logging function that is not async-signal-safe.
network
high complexity
freebsd CWE-362
8.1
2024-08-06 CVE-2024-6996 Race Condition vulnerability in Google Chrome
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
network
high complexity
google CWE-362
3.1