Base weakness

Draft

CWE-368: Context Switching Race Condition

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.

CWE-368: Context Switching Race Condition

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-368?

What CVEs are caused by CWE-368?

How is CWE-368 detected?

What are the consequences of CWE-368?

Is CWE-368 actively exploited?

References

Stay ahead of CWE-368

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Can also be

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-368?

What CVEs are caused by CWE-368?

How is CWE-368 detected?

What are the consequences of CWE-368?

Is CWE-368 actively exploited?

References

Stay ahead of CWE-368