Unlock of a Resource that is not LockedID: 832 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
The software attempts to unlock a resource that is not
locked.
Extended DescriptionDepending on the locking functionality, an unlock of a non-locked resource
might cause memory corruption or other modification to the resource (or its
associated metadata that is used for tracking locks).
Applicable PlatformsNone
Common Consequences
Scope | Technical Impact | Notes |
---|
IntegrityConfidentialityAvailabilityOther | DoS: crash / exit /
restartExecute unauthorized code or
commandsModify memoryOther | Depending on the locking being used, an unlock operation might not
have any adverse effects. When effects exist, the most common
consequence will be a corruption of the state of the software, possibly
leading to a crash or exit; depending on the implementation of the
unlocking, memory corruption or code execution could occur. |
Detection MethodsNone
Potential MitigationsNone
Relationships
Related CWE | Type | View | Chain |
---|
CWE-832 ChildOf CWE-667 | Weakness | CWE-1000CWE-699 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2010-4210 : function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
- CVE-2008-4302 : Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
- CVE-2009-1243 : OS kernel performs an unlock in some incorrect circumstances, leading to panic.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:None