Comprehensive Categorization: Concurrency
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to concurrency.
Weaknesses
The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker...
The product uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while...
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
The product uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.
The product violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.
System configuration protection may be bypassed during debug mode.
A race condition in the hardware logic results in undermining security guarantees of the system.
The hardware logic for error handling and security checks can incorrectly forward data before the security check is complete.
Register lock bit protection disables changes to system configuration once the bit is set. Some of the protected registers or lock bits become programmable after power...
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.
The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member d...
A product does not check to see if a lock is present before performing sensitive operations on a resource.
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
The product locks a critical resource more times than intended, leading to an unexpected state in the system.
The product unlocks a critical resource more times than intended, leading to an unexpected state in the system.
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to...
The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the acce...
A write-once register in hardware design is programmable by an untrusted software component earlier than the trusted software component, resulting in a race condition ...
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...
The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk b...
The product defines a function that is used as a handler for more than one signal.
The product uses a signal handler that introduces a race condition.
The product defines a signal handler that calls a non-reentrant function.
The product defines a signal handler that contains code sequences that are not asynchronous-safe, i.e., the functionality is not reentrant, or it can be interrupted.
The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only in...
The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the ...
The product attempts to unlock a resource that is not locked.
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of ...
The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.
The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call t...
The product uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.
The product uses the singleton pattern when creating a resource within a multithreaded environment.
Concepts
This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...