CWE

Unlock of a Resource that is not Locked

ID: 832		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Base

Description

The software attempts to unlock a resource that is not locked.

Extended Description

Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).

Applicable Platforms
None

Common Consequences

Scope	Technical Impact	Notes
Integrity Confidentiality Availability Other	DoS: crash / exit / restart Execute unauthorized code or commands Modify memory Other	Depending on the locking being used, an unlock operation might not have any adverse effects. When effects exist, the most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit; depending on the implementation of the unlocking, memory corruption or code execution could occur.

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-832 ChildOf CWE-667	Weakness	CWE-1000 CWE-699

Demonstrative Examples
None

Observed Examples

1. CVE-2010-4210 : function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
2. CVE-2008-4302 : Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
3. CVE-2009-1243 : OS kernel performs an unlock in some incorrect circumstances, leading to panic.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None