CWE-667

Nombre

Improper Locking

Estado

Draft

Publicado

2008-04-11
00h00 +00:00

Modificado

2025-12-11
00h00 +00:00

Enlaces oficiales

CWE Mitre.org

Notificaciones para un CWE

Manténgase informado sobre cualquier cambio en un CWE específico.

Gestionar notificaciones

Alertas personalizadas

¡Active sus alertas personalizadas!

Para activar sus alertas, solo necesita iniciar sesión en su cuenta gratuita. Si aún no ha iniciado sesión, elija una de las opciones a continuación.

Iniciar sesión en su cuenta Crear una cuenta gratuita

Notificaciones para un CWE

Manténgase informado sobre cualquier cambio en un CWE específico.

Parámetros

Puede especificar un título que se recuperará en las alertas que se enviarán.

Especifique el ID de CWE que desea monitorear.

Planificación

Mes

Cálculo de la próxima ejecución

Día

Día de la semana

Hora

Minuto

Fecha de creación

Última ejecución

Próxima ejecución

Nombre: Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Informaciones generales

Modos de introducción

Architecture and Design
Implementation

Plataformas aplicables

Lenguaje

Class: Not Language-Specific (Undetermined)

Tecnologías

Class: Not Technology-Specific (Undetermined)

Consecuencias comunes

Alcance	Impacto	Probabilidad
Availability	DoS: Resource Consumption (CPU) Note: Inconsistent locking discipline can lead to deadlock.

Ejemplos observados

Referencias	Descripción
CVE-2021-1782	Chain: improper locking (CWE-667) leads to race condition (CWE-362), as exploited in the wild per CISA KEV.
CVE-2009-0935	Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
CVE-2010-4210	function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
CVE-2008-4302	Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
CVE-2009-1243	OS kernel performs an unlock in some incorrect circumstances, leading to panic.
CVE-2009-2857	OS deadlock
CVE-2009-1961	OS deadlock involving 3 separate functions
CVE-2009-2699	deadlock in library
CVE-2009-4272	deadlock triggered by packets that force collisions in a routing table
CVE-2002-1850	read/write deadlock between web server and script
CVE-2004-0174	web server deadlock involving multiple listening connections
CVE-2009-1388	multiple simultaneous calls to the same function trigger deadlock.
CVE-2006-5158	chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
CVE-2006-4342	deadlock when an operation is performed on a resource while it is being removed.
CVE-2006-2374	Deadlock in device driver triggered by using file handle of a related device.
CVE-2006-2275	Deadlock when large number of small messages cannot be processed quickly enough.
CVE-2005-3847	OS kernel has deadlock triggered by a signal during a core dump.
CVE-2005-3106	Race condition leads to deadlock.
CVE-2005-2456	Chain: array index error (CWE-129) leads to deadlock (CWE-833)
CVE-2001-0682	Program can not execute when attacker obtains a mutex.
CVE-2002-1914	Program can not execute when attacker obtains a lock on a critical output file.
CVE-2002-1915	Program can not execute when attacker obtains a lock on a critical output file.
CVE-2002-0051	Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.
CVE-2000-0338	Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.
CVE-2000-1198	Chain: Lock files with predictable names. Resultant from randomness.
CVE-2002-1869	Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.

Mitigaciones potenciales

Phases : Implementation
Use industry standard APIs to implement locking mechanism.

Métodos de detección

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Efectividad : High

Notas de mapeo de vulnerabilidades

Justificación : This CWE entry is a Class and might have Base-level children that would be more appropriate
Comentario : Examine children of this entry to see if there is a better fit

Patrones de ataque relacionados

CAPEC-ID	Nombre del patrón de ataque
CAPEC-25	Forced Deadlock The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.
CAPEC-26	Leveraging Race Conditions The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-27	Leveraging Race Conditions via Symbolic Links This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

Notas

Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.

Referencias

REF-962

Automated Source Code Security Measure (ASCSM)
Object Management Group (OMG).
http://www.omg.org/spec/ASCSM/1.0/

Envío

Nombre	Organización	Fecha	Fecha de lanzamiento	Version
CWE Content Team	MITRE	2008-04-11 +00:00	2008-04-11 +00:00	Draft 9

Modificaciones

Nombre	Organización	Fecha	Comentario
Sean Eidemiller	Cigital	2008-07-01 +00:00	added/updated demonstrative examples
Eric Dalci	Cigital	2008-07-01 +00:00	updated Potential_Mitigations, Time_of_Introduction
CWE Content Team	MITRE	2008-09-08 +00:00	updated Relationships
CWE Content Team	MITRE	2008-11-24 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2009-03-10 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2009-05-27 +00:00	updated Relationships
CWE Content Team	MITRE	2009-07-27 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2010-09-27 +00:00	updated Relationships
CWE Content Team	MITRE	2010-12-13 +00:00	updated Description, Name, Relationships
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2012-05-11 +00:00	updated Demonstrative_Examples, Observed_Examples, Relationships
CWE Content Team	MITRE	2012-10-30 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2017-05-03 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2017-11-08 +00:00	updated Taxonomy_Mappings
CWE Content Team	MITRE	2019-01-03 +00:00	updated References, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2019-09-19 +00:00	updated Relationships
CWE Content Team	MITRE	2019-09-23 +00:00	updated Description, Maintenance_Notes, Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships, Type
CWE Content Team	MITRE	2020-08-20 +00:00	updated Relationships
CWE Content Team	MITRE	2020-12-10 +00:00	updated Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Demonstrative_Examples
CWE Content Team	MITRE	2022-06-28 +00:00	updated Observed_Examples
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated Detection_Factors, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2025-04-03 +00:00	updated Demonstrative_Examples
CWE Content Team	MITRE	2025-12-11 +00:00	updated Applicable_Platforms, Weakness_Ordinalities

Detalle CWE-667