Tag Archives: Race Condition within a Thread

CWE-366 – Race Condition within a Thread

Read Time:44 Second

Description

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-362
CWE-662
CWE-662

 

Consequences

Integrity, Other: Alter Execution Logic, Unexpected State

The main problem is that — if a lock is overcome — data could be altered in a bad state.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment.

Phase: Architecture and Design

Description: 

Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution.

CVE References