Description
The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.
When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software’s assumption that the resource will not change, potentially leading to unexpected behaviors.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Integrity, Availability: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
Potential Mitigations
Phase: Architecture and Design
Description:
Use a non-conflicting privilege scheme.
Phase: Architecture and Design, Implementation
Description:
Use synchronization when locking a resource.
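The weakness and the synchronization mitigation described above, as an added example that is not part of the original page: two threads withdraw from a shared balance, first with no lock and then with a lock held across both the check and the update. The Account class, its method names and the amounts are hypothetical, constructed for illustration.

```python
import threading
import time


class Account:
    """Hypothetical shared resource: a balance that must never go negative."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unlocked(self, amount, delay=0.1):
        # Improper locking: check and update are separate steps with no
        # exclusive access, so another thread can act between them.
        if self.balance >= amount:
            time.sleep(delay)  # stands in for work done while the resource is in use
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount, delay=0.1):
        # The lock covers both the check and the update; the with-statement
        # releases it on every exit path, including exceptions.
        with self._lock:
            if self.balance >= amount:
                time.sleep(delay)
                self.balance -= amount
                return True
            return False


def run_concurrent(method_name, start=100, amount=80, workers=2):
    """Run concurrent withdrawals; return (final balance, successful withdrawals)."""
    account = Account(start)
    results = []  # list.append is safe to call from several threads

    def task():
        results.append(getattr(account, method_name)(amount))

    threads = [threading.Thread(target=task) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sum(results)


if __name__ == "__main__":
    print("unlocked:", run_concurrent("withdraw_unlocked"))  # both withdrawals succeed
    print("locked:  ", run_concurrent("withdraw_locked"))    # only one succeeds
```

Without the lock both threads pass the balance check before either one updates it, so more is withdrawn than the account held; with the lock the second thread sees the reduced balance and is refused.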