Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2022-23038 | Race Condition vulnerability in multiple products Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. | 7.0 |
| 2022-03-10 | CVE-2022-23039 | Race Condition vulnerability in multiple products Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. | 7.0 |
| 2022-03-10 | CVE-2022-23040 | Race Condition vulnerability in multiple products Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. | 7.0 |
| 2022-03-10 | CVE-2022-23041 | Race Condition vulnerability in multiple products Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. | 7.0 |
| 2022-03-10 | CVE-2022-23042 | Race Condition vulnerability in multiple products Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. | 7.0 |
| 2022-03-10 | CVE-2022-25090 | Race Condition vulnerability in Kofax Printix 1.3.1106.0 Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | 8.1 |
| 2022-02-18 | CVE-2020-25719 | Race Condition vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. | 7.2 |
| 2022-02-18 | CVE-2021-20321 | Race Condition vulnerability in multiple products A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. | 4.7 |
| 2022-02-17 | CVE-2021-44731 | Race Condition vulnerability in multiple products A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. | 7.8 |
| 2022-02-16 | CVE-2021-3752 | Race Condition vulnerability in multiple products A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. | 7.1 |