Weaknesses in this category are related to improper handling of locks that are used to control access to resources.

| ID | Name | Description |
|---|---|---|
| CWE-412 | Unrestricted Externally Accessible Lock | This vulnerability occurs when a system correctly checks for a lock's existence, but an unauthorized external actor can control or influence that lock. |
| CWE-413 | Improper Resource Locking | This vulnerability occurs when an application fails to properly lock a shared resource, such as a file or memory location, before performing operations that require exclusive access. |
| CWE-414 | Missing Lock Check | This vulnerability occurs when software fails to verify that a proper synchronization lock is active before accessing or modifying a shared resource, potentially leading to race conditions and data corruption. |
| CWE-609 | Double-Checked Locking | Double-checked locking is an insufficient synchronization pattern where a program checks a resource's state, acquires a lock, and checks the state again before initialization, failing to guarantee thread safety across all systems. |
| CWE-764 | Multiple Locks of a Critical Resource | This vulnerability occurs when a critical resource, such as a file, data structure, or connection, is locked more times than the software logic intended, putting the system into an unstable or unresponsive state. |
| CWE-765 | Multiple Unlocks of a Critical Resource | This vulnerability occurs when a critical resource, like a lock or semaphore, is unlocked more times than it was locked, putting the system into an unexpected and potentially unstable state. |
| CWE-832 | Unlock of a Resource that is not Locked | This vulnerability occurs when a program tries to unlock a resource, such as a mutex or semaphore, that is not currently in a locked state. |
| CWE-833 | Deadlock | Deadlock occurs when two or more threads or processes become permanently stuck, each waiting for the other to release a shared resource like a lock or mutex, preventing any of them from progressing. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |