CWE-609: Double-Checked Locking

The product uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Double-checked locking refers to the situation where a programmer checks to see if a resource has been initialized, grabs a lock, checks again to see if the resource has been initialized, and then performs the initialization if it has not occurred yet. This should not be done, as it is not guaranteed to work in all languages and on all architectures. In summary, other threads may not be operating inside the synchronous block and are not guaranteed to see the operations execute in the same order as they would appear inside the synchronous block.

CWE-609: Double-Checked Locking

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-609?

How do you prevent CWE-609?

How is CWE-609 detected?

What are the consequences of CWE-609?

References

Stay ahead of CWE-609

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Can precede

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-609?

How do you prevent CWE-609?

How is CWE-609 detected?

What are the consequences of CWE-609?

References

Stay ahead of CWE-609