SFP Secondary Cluster: Missing Lock

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Missing Lock cluster (SFP19).

Weaknesses

Context Switching Race Condition

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker...

Double-Checked Locking

The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.

Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Improper Resource Locking

The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource.

Improper Synchronization

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not...

Missing Lock Check

A product does not check to see if a lock is present before performing sensitive operations on a resource.

Race Condition in Switch

The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.

Race Condition within a Thread

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...

Signal Handler Race Condition

The software uses a signal handler that introduces a race condition.

Unsynchronized Access to Shared Data in a Multithreaded Context

The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.

Use of a Non-reentrant Function in a Concurrent Context

The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call ...

Use of Singleton Pattern Without Synchronization in a Multithreaded Context

The software uses the singleton pattern when creating a resource within a multithreaded environment.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.