Unlock of a Resource that is not Locked
|ID: 832||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
The software attempts to unlock a resource that is not
Extended DescriptionDepending on the locking functionality, an unlock of a non-locked resource
might cause memory corruption or other modification to the resource (or its
associated metadata that is used for tracking locks).
|IntegrityConfidentialityAvailabilityOther ||DoS: crash / exit /
restartExecute unauthorized code or
commandsModify memoryOther ||Depending on the locking being used, an unlock operation might not
have any adverse effects. When effects exist, the most common
consequence will be a corruption of the state of the software, possibly
leading to a crash or exit; depending on the implementation of the
unlocking, memory corruption or code execution could occur. |
|CWE-832 ChildOf CWE-667 ||Weakness ||CWE-1000CWE-699 || |
- CVE-2010-4210 : function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
- CVE-2008-4302 : Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
- CVE-2009-1243 : OS kernel performs an unlock in some incorrect circumstances, leading to panic.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None