SFP Secondary Cluster: Missing Lock
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Missing Lock cluster (SFP19).
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker...
The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.
The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not...
A product does not check to see if a lock is present before performing sensitive operations on a resource.
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...
The software uses a signal handler that introduces a race condition.
The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.
The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call ...
The software uses the singleton pattern when creating a resource within a multithreaded environment.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).