Unlock of a Resource that is not Locked

ID: 832
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base

Description

The software attempts to unlock a resource that is not locked.

Extended Description

Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).

Applicable Platforms
None

Common Consequences

Scope: Integrity, Confidentiality, Availability, Other
Technical Impact: DoS: crash / exit / restart; Execute unauthorized code or commands; Modify memory; Other
Notes: Depending on the locking being used, an unlock operation might not have any adverse effects. When effects exist, the most common consequence will be a corruption of the state of the software, possibly leading to a crash or exit; depending on the implementation of the unlocking, memory corruption or code execution could occur.

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE: CWE-832 ChildOf CWE-667
Type: Weakness
View: CWE-1000, CWE-699

Demonstrative Examples
None

Observed Examples

  1. CVE-2010-4210 : function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
  2. CVE-2008-4302 : Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
  3. CVE-2009-1243 : OS kernel performs an unlock in some incorrect circumstances, leading to panic.
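
Added example, not part of the CWE entry: a C program (POSIX threads) showing the chain described for CVE-2008-4302, where an unhandled failure leads to an unlock of a resource that was not locked, beside a corrected form. The names res_lock, acquire, update_flawed and update_fixed are hypothetical; the mutex is created with PTHREAD_MUTEX_ERRORCHECK so the stray unlock returns EPERM, whereas with the default mutex type POSIX leaves the behaviour undefined.

```c
#define _XOPEN_SOURCE 700 /* exposes PTHREAD_MUTEX_ERRORCHECK */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

static pthread_mutex_t res_lock; /* guards a hypothetical shared resource */

/* Use an error-checking mutex so a stray unlock is reported, not undefined. */
int res_init(void) {
    pthread_mutexattr_t attr;
    int rc = pthread_mutexattr_init(&attr);
    if (rc != 0) return rc;
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    rc = pthread_mutex_init(&res_lock, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Hypothetical helper: fails without taking the lock when asked to. */
static int acquire(int simulate_failure) {
    if (simulate_failure) return EAGAIN;
    return pthread_mutex_lock(&res_lock);
}

/* Flawed: ignores acquire()'s result, so the failure path still unlocks.
 * Returns the unlock result: EPERM when the lock was never taken. */
int update_flawed(int simulate_failure) {
    acquire(simulate_failure);
    /* ... resource would be modified here, possibly unprotected ... */
    return pthread_mutex_unlock(&res_lock);
}

/* Corrected: unlock is reached only after a successful lock. */
int update_fixed(int simulate_failure) {
    int rc = acquire(simulate_failure);
    if (rc != 0) return rc; /* lock not held: nothing to release */
    /* ... resource is modified here under the lock ... */
    return pthread_mutex_unlock(&res_lock);
}

int main(void) {
    if (res_init() != 0) return 1;
    printf("flawed, failed acquire: unlock rc=%d (EPERM=%d)\n", update_flawed(1), EPERM);
    printf("fixed, failed acquire: rc=%d (EAGAIN=%d)\n", update_fixed(1), EAGAIN);
    return 0;
}
```

Checking the return value of every unlock call, as the error-checking mutex makes possible, also gives a cheap runtime signal for this weakness during testing.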


White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings
None

References:
None

© 2013 SecPod Technologies