← Back
CWE-667

675 CVEs • Abstraction: Class

Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

JSON object

Loading...

CVEs (675)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-0641
2Linux
Redhat
2Enterprise Linux
Linux Kernel
Nov 21, 2024
Jan 17, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially cr...Show more
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.Show less
CVE-2024-0639
2Linux
Redhat
2Enterprise Linux
Linux Kernel
Nov 21, 2024
Jan 17, 2024
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock a...Show more
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.Show less
CVE-2023-34320
2Arm
Xen
2Cortex A77 Firmware
Xen
Nov 4, 2025
Dec 8, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a st...Show more
Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. Show less
CVE-2023-44298
1Dell
13Poweredge C6620 Firmware
Poweredge Hs5610 FirmwarePoweredge Hs5620 Firmware+10 more
Nov 21, 2024
Dec 5, 2023
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, lea...Show more
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service. Show less
CVE-2023-44297
1Dell
13Poweredge C6620 Firmware
Poweredge Hs5610 FirmwarePoweredge Hs5620 Firmware+10 more
Nov 21, 2024
Dec 5, 2023
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, lea...Show more
Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information disclosure, information tampering, code execution, denial of service. Show less
CVE-2023-3889
1Arm
1Valhall Gpu Kernel Driver
Mar 24, 2025
Nov 7, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory.
CVE-2023-3781
1Google
1Android
Nov 21, 2024
Oct 11, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-44119
1Huawei
2Emui
Harmonyos
Nov 21, 2024
Oct 11, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-42441
1Vyperlang
1Vyper
Nov 21, 2024
Sep 18, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reent...Show more
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.Show less
CVE-2023-38505
1Dietpi Dashboard Project
1Dietpi Dashboard
Nov 21, 2024
Jul 27, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume...Show more
DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.Show less
CVE-2023-3750
1Redhat
2Enterprise Linux
Libvirt
Nov 21, 2024
Jul 24, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another th...Show more
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.Show less
CVE-2023-33951
2Linux
Redhat
4Enterprise Linux
Enterprise Linux For Real TimeEnterprise Linux For Real Time For Nfv+1 more
Feb 18, 2026
Jul 24, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This...Show more
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.Show less
CVE-2023-32258
2Linux
Netapp
5H300s
H410sH500s+2 more
Nov 21, 2024
Jul 24, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper lock...Show more
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.Show less
CVE-2023-32257
2Linux
Netapp
6H300s
H410sH500s+3 more
Nov 21, 2024
Jul 24, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of pro...Show more
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.Show less
CVE-2023-2430
1Linux
1Linux Kernel
Mar 6, 2025
Jul 23, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.
CVE-2023-0160
2Fedoraproject
Linux
2Fedora
Linux Kernel
Nov 21, 2024
Jul 18, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
CVE-2023-21400
2Debian
Google
2Android
Debian Linux
Feb 13, 2025
Jul 13, 2023
N/A· v4
6.7 MEDIUM· v3
N/A· v2
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User int...Show more
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21189
1Google
1Android
Nov 21, 2024
Jun 28, 2023
N/A· v4
7.3 HIGH· v3
N/A· v2
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee...Show more
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596Show less
CVE-2023-3436
1Xpdfreader
1Xpdf
Nov 21, 2024
Jun 27, 2023
N/A· v4
3.3 LOW· v3
N/A· v2
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
CVE-2023-21120
1Google
1Android
Nov 21, 2024
Jun 15, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more
In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673Show less