Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2017-18249 Race Condition vulnerability in multiple products
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
local
high complexity
linux debian CWE-362
7.0
2018-03-16 CVE-2017-15834 Race Condition vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.
local
high complexity
google CWE-362
7.0
2018-03-16 CVE-2017-11082 Race Condition vulnerability in Google Android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs.
local
high complexity
google CWE-362
7.0
2018-03-12 CVE-2017-18224 Race Condition vulnerability in Linux Kernel
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
local
high complexity
linux CWE-362
4.7
2018-03-09 CVE-2018-7995 Race Condition vulnerability in multiple products
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
local
high complexity
linux canonical debian CWE-362
4.7
2018-03-06 CVE-2017-6296 Race Condition vulnerability in multiple products
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges.
local
high complexity
nvidia google CWE-362
7.0
2018-03-01 CVE-2017-14798 Race Condition vulnerability in multiple products
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
local
high complexity
postgresql suse CWE-362
7.0
2018-02-27 CVE-2017-18203 Race Condition vulnerability in Linux Kernel
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
local
high complexity
linux CWE-362
4.7
2018-02-23 CVE-2017-15829 Race Condition vulnerability in Google Android
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
local
high complexity
google CWE-362
7.0
2018-02-23 CVE-2018-7441 Race Condition vulnerability in Leptonica
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
local
high complexity
leptonica CWE-362
7.0