Deadlock

ID: 833
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base





Description

The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
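
The following is an added example, not part of the CWE entry: two threads take the same pair of locks in opposite order, and a bounded acquire turns what would be a permanent hang into a countable timeout; the same code with one global lock order completes cleanly. All names (worker, run, lock_a, lock_b) are hypothetical.

```python
import threading

def worker(first, second, me, peer, out):
    """Take `first`, let the peer take its own first lock, then take `second`."""
    with first:
        me.set()        # signal: I hold my first lock
        peer.wait(0.2)  # widen the race window so the bad interleaving is reliable
        # Bounded wait: an unbounded acquire() here is where the hang would occur.
        if second.acquire(timeout=0.5):
            second.release()
            out.append("ok")
        else:
            out.append("timeout")  # without the timeout this thread never returns

def run(ordered):
    """Return how many of the two threads failed to get their second lock."""
    lock_a, lock_b = threading.Lock(), threading.Lock()
    ev1, ev2 = threading.Event(), threading.Event()
    out = []
    # Thread 1 wants A then B; thread 2 wants B then A (the deadlock-prone plan).
    plans = [(lock_a, lock_b, ev1, ev2), (lock_b, lock_a, ev2, ev1)]
    threads = []
    for first, second, me, peer in plans:
        if ordered:
            # Fix: every thread acquires locks in one global order (here: by id()).
            first, second = sorted((first, second), key=id)
        threads.append(threading.Thread(
            target=worker, args=(first, second, me, peer, out)))
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return out.count("timeout")

if __name__ == "__main__":
    print("opposite order:", run(False), "thread(s) timed out")
    print("global order:  ", run(True), "thread(s) timed out")
```

In the opposite-order run at least one thread times out; which of the two (or both) depends on scheduling.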

Applicable Platforms
None

Common Consequences

Scope: Availability
Technical Impact: DoS: resource consumption (CPU); DoS: resource consumption (other); DoS: crash / exit / restart
Notes: Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.

Detection Methods
None

Potential Mitigations
None

Relationships

CWE-833 ChildOf CWE-853 (Type: Category, View: CWE-844)

Demonstrative Examples
None

Observed Examples

  1. CVE-2009-2857 : OS deadlock
  2. CVE-2009-1961 : OS deadlock involving 3 separate functions
  3. CVE-2009-2699 : deadlock in library
  4. CVE-2009-4272 : deadlock triggered by packets that force collisions in a routing table
  5. CVE-2002-1850 : read/write deadlock between web server and script
  6. CVE-2004-0174 : web server deadlock involving multiple listening connections
  7. CVE-2009-1388 : multiple simultaneous calls to the same function trigger deadlock.
  8. CVE-2006-5158 : chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
  9. CVE-2006-4342 : deadlock when an operation is performed on a resource while it is being removed.
  10. CVE-2006-2374 : Deadlock in device driver triggered by using file handle of a related device.
  11. CVE-2006-2275 : Deadlock when large number of small messages cannot be processed quickly enough.
  12. CVE-2005-3847 : OS kernel has deadlock triggered by a signal during a core dump.
  13. CVE-2005-3106 : Race condition leads to deadlock.
  14. CVE-2005-2456 : Chain: array index error (CWE-129) leads to deadlock (CWE-833)


White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: CERT Java Secure Coding
Id: LCK08-J
Name: Ensure actively held locks are released on exceptional conditions


© 2013 SecPod Technologies