Read Time:35 Second

Description

The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.

When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software’s assumption that the resource will not change, potentially leading to unexpected behaviors.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-667

 

Consequences

Integrity, Availability: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use a non-conflicting privilege scheme.

Phase: Architecture and Design, Implementation

Description: 

Use synchronization when locking a resource.

CVE References