Improper LockingID: 667 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software does not properly acquire a lock on a resource, or
it does not properly release a lock on a resource, leading to unexpected
resource state changes and behaviors.
Applicable PlatformsNone
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: resource consumption
(CPU) | Inconsistent locking discipline can lead to deadlock. |
Detection MethodsNone
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Implementation | Libraries or Frameworks | Use industry standard APIs to implement locking mechanism. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-667 ChildOf CWE-894 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following Java snippet, methods are defined to get and set a
long field in an instance of a class that is shared across multiple threads.
Because operations on double and long are nonatomic in Java, concurrent
access may cause unexpected behavior. Thus, all operations on long and
double fields should be synchronized.
- It may seem that the following bit of code achieves thread safety
while avoiding unnecessary synchronization... (Demonstrative Example Id DX-70)
- The following function attempts to acquire a lock in order to
perform operations on a shared resource. (Demonstrative Example Id DX-24)
- This code tries to obtain a lock for a file, then writes to it. (Demonstrative Example Id DX-69)
Observed Examples
- CVE-2009-0935 : Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
- CVE-2010-4210 : function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
- CVE-2008-4302 : Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
- CVE-2009-1243 : OS kernel performs an unlock in some incorrect circumstances, leading to panic.
- CVE-2009-2857 : OS deadlock
- CVE-2009-1961 : OS deadlock involving 3 separate functions
- CVE-2009-2699 : deadlock in library
- CVE-2009-4272 : deadlock triggered by packets that force collisions in a routing table
- CVE-2002-1850 : read/write deadlock between web server and script
- CVE-2004-0174 : web server deadlock involving multiple listening connections
- CVE-2009-1388 : multiple simultaneous calls to the same function trigger deadlock.
- CVE-2006-5158 : chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
- CVE-2006-4342 : deadlock when an operation is performed on a resource while it is being removed.
- CVE-2006-2374 : Deadlock in device driver triggered by using file handle of a related device.
- CVE-2006-2275 : Deadlock when large number of small messages cannot be processed quickly enough.
- CVE-2005-3847 : OS kernel has deadlock triggered by a signal during a core dump.
- CVE-2005-3106 : Race condition leads to deadlock.
- CVE-2005-2456 : Chain: array index error (CWE-129) leads to deadlock (CWE-833)
- CVE-2001-0682 : Program can not execute when attacker obtains a mutex.
- CVE-2002-1914 : Program can not execute when attacker obtains a lock on a critical output file.
- CVE-2002-1915 : Program can not execute when attacker obtains a lock on a critical output file.
- CVE-2002-0051 : Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.
- CVE-2000-0338 : Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.
- CVE-2000-1198 : Chain: Lock files with predictable names. Resultant from randomness.
- CVE-2002-1869 : Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
CERT C Secure Coding | POS31-C | Do not unlock or destroy another thread's
mutex | |
CERT Java Secure Coding | VNA00-J | Ensure visibility when accessing shared primitive
variables | |
CERT Java Secure Coding | VNA02-J | Ensure that compound operations on shared variables are
atomic | |
CERT Java Secure Coding | VNA05-J | Ensure atomicity when reading and writing 64-bit
values | |
CERT Java Secure Coding | LCK06-J | Do not use an instance lock to protect shared static
data | |
References:None