Vulnerabilities > Improper Locking

DATE CVE VULNERABILITY TITLE RISK
2008-09-29 CVE-2008-4302 Improper Locking vulnerability in multiple products
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.
local
low complexity
linux debian redhat CWE-667
5.5
2006-10-17 CVE-2006-4342 Improper Locking vulnerability in Redhat Enterprise Linux 3.0
The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.
local
low complexity
redhat CWE-667
5.5
2006-10-05 CVE-2006-5158 Improper Locking vulnerability in multiple products
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
network
low complexity
linux redhat canonical CWE-667
7.5
2006-06-13 CVE-2006-2374 Improper Locking vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
local
low complexity
microsoft CWE-667
5.5
2006-05-09 CVE-2006-2275 Improper Locking vulnerability in multiple products
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
network
low complexity
lksctp canonical CWE-667
7.5
2005-11-27 CVE-2005-3847 Improper Locking vulnerability in multiple products
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.
local
low complexity
linux debian CWE-667
5.5
2005-09-30 CVE-2005-3106 Improper Locking vulnerability in multiple products
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
local
high complexity
linux debian canonical CWE-667
4.7
2005-08-04 CVE-2005-2456 Improper Locking vulnerability in multiple products
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
local
low complexity
linux debian CWE-667
5.5
2004-05-04 CVE-2004-0174 Improper Locking vulnerability in Apache Http Server
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
network
low complexity
apache CWE-667
7.5
2002-12-31 CVE-2002-1915 Improper Locking vulnerability in multiple products
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
local
low complexity
openbsd netbsd freebsd CWE-667
5.5