Class weakness

Draft

CWE-667: Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

143

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2021-1782
CISA KEV
— Chain: improper locking (CWE-667) leads to race condition (CWE-362), as exploited in the wild per CISA KEV.
CVE-2009-0935 — Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
CVE-2010-4210 — function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
CVE-2008-4302 — Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
CVE-2009-1243 — OS kernel performs an unlock in some incorrect circumstances, leading to panic.
CVE-2009-2857 — OS deadlock
CVE-2009-1961 — OS deadlock involving 3 separate functions
CVE-2009-2699 — deadlock in library
CVE-2009-4272 — deadlock triggered by packets that force collisions in a routing table
CVE-2002-1850 — read/write deadlock between web server and script
CVE-2004-0174 — web server deadlock involving multiple listening connections
CVE-2009-1388 — multiple simultaneous calls to the same function trigger deadlock.
CVE-2006-5158 — chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
CVE-2006-4342 — deadlock when an operation is performed on a resource while it is being removed.
CVE-2006-2374 — Deadlock in device driver triggered by using file handle of a related device.
CVE-2006-2275 — Deadlock when large number of small messages cannot be processed quickly enough.
CVE-2005-3847 — OS kernel has deadlock triggered by a signal during a core dump.
CVE-2005-3106 — Race condition leads to deadlock.
CVE-2005-2456 — Chain: array index error (CWE-129) leads to deadlock (CWE-833)
CVE-2001-0682 — Program can not execute when attacker obtains a mutex.
CVE-2002-1914 — Program can not execute when attacker obtains a lock on a critical output file.
CVE-2002-1915 — Program can not execute when attacker obtains a lock on a critical output file.
CVE-2002-0051 — Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.
CVE-2000-0338 — Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.
CVE-2000-1198 — Chain: Lock files with predictable names. Resultant from randomness.
CVE-2002-1869 — Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.

CWE-667: Improper Locking

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-667?

What CVEs are caused by CWE-667?

How do you prevent CWE-667?

How is CWE-667 detected?

What are the consequences of CWE-667?

Is CWE-667 actively exploited?

References

Stay ahead of CWE-667

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-667?

What CVEs are caused by CWE-667?

How do you prevent CWE-667?

How is CWE-667 detected?

What are the consequences of CWE-667?

Is CWE-667 actively exploited?

References

Stay ahead of CWE-667