logo

Multiple Unlocks of a Critical Resource

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when a critical resource, like a lock or semaphore, is unlocked more times than it was locked, putting the system into an unexpected and potentially unstable state.

Extended Description

In concurrent software, critical sections of code are protected using synchronization mechanisms like mutexes or semaphores. This flaw happens when the unlock or release function is called excessively, disrupting the intended lock/unlock balance. This mismatch corrupts the resource's state management, making subsequent program behavior unreliable. The specific impact depends on the lock type and implementation. For example, with counting semaphores, extra unlocks artificially inflate the available resource count. This can cause a system crash, data corruption, or unpredictable behavior when the pool is exhausted, as the program operates under the false assumption that more resources are available than truly exist.
Common Consequences 1
Scope: AvailabilityIntegrity

Impact: DoS: Crash, Exit, or RestartModify MemoryUnexpected State
Potential Mitigations 1
Phase: Implementation
When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the product acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.
Observed Examples 1
CVE-2009-0935Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Improper Locking (CWE-667)
ChildOf: Multiple Operations on Resource in Single-Operation Context (CWE-675)
Taxonomy Mapping
  • Software Fault Patterns
Notes
MaintenanceAn alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.