CWE-362— Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
2,125 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-362page 23 of 43
- CVE-2022-41044HIGHCVSS 8.1EG 8.12022-11-09
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-41045HIGHCVSS 7.8EG 7.82022-11-09
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- CVE-2022-41086MEDIUMCVSS 6.4EG 6.42022-11-09
Windows Group Policy Elevation of Privilege Vulnerability
- CVE-2022-41088HIGHCVSS 8.1EG 8.12022-11-09
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2022-41090MEDIUMCVSS 5.9EG 5.92022-11-09
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- CVE-2022-41093HIGHCVSS 7.8EG 7.82022-11-09
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- CVE-2022-41100HIGHCVSS 7.8EG 7.82022-11-09
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
- CVE-2022-41114HIGHCVSS 7.0EG 7.02022-11-09
Windows Bind Filter Driver Elevation of Privilege Vulnerability
- CVE-2022-41116MEDIUMCVSS 5.9EG 5.92022-11-09
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
- CVE-2022-41118HIGHCVSS 7.5EG 7.52022-11-09
Windows Scripting Languages Remote Code Execution Vulnerability
- CVE-2022-4129MEDIUMCVSS 5.5EG 5.52022-11-28
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system…
- CVE-2022-41848MEDIUMCVSS 4.2EG 4.22022-09-30
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioc…
- CVE-2022-41849MEDIUMCVSS 4.2EG 4.22022-09-30
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and…
- CVE-2022-41850MEDIUMCVSS 4.7EG 4.72022-09-30
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
- CVE-2022-42770MEDIUMCVSS 4.7EG 4.72022-12-06
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
- CVE-2022-42771MEDIUMCVSS 4.7EG 4.72022-12-06
In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.
- CVE-2022-42791HIGHCVSS 7.0EG 7.02022-11-01
A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2022-42803HIGHCVSS 7.0EG 7.02022-11-01
A race condition was addressed with improved locking. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1. An app may be able to execute arbitrary cod…
- CVE-2022-42806HIGHCVSS 7.0EG 7.02022-11-01
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2022-42831MEDIUMCVSS 6.4EG 6.42022-11-01
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
- CVE-2022-42832MEDIUMCVSS 6.4EG 6.42022-11-01
A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.
- CVE-2022-42864HIGHCVSS 7.0EG 7.02022-12-15
A race condition was addressed with improved state handling. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may…
- CVE-2022-42930HIGHCVSS 7.1EG 7.12022-12-22
If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.
- CVE-2022-42951HIGHCVSS 8.1EG 8.12023-02-06
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authenticati…
- CVE-2022-44032MEDIUMCVSS 6.4EG 6.42022-10-30
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condit…
- CVE-2022-44033MEDIUMCVSS 6.4EG 6.42022-10-30
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condit…
- CVE-2022-44034MEDIUMCVSS 6.4EG 6.42022-10-30
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condit…
- CVE-2022-44551CRITICALCVSS 9.8EG 9.82022-11-09
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
- CVE-2022-44563MEDIUMCVSS 5.9EG 5.92022-11-09
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2022-44669HIGHCVSS 7.0EG 7.02022-12-13
Windows Error Reporting Elevation of Privilege Vulnerability
- CVE-2022-44676HIGHCVSS 8.1EG 8.12022-12-13
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
- CVE-2022-45869MEDIUMCVSS 5.5EG 4.72022-11-30
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
- CVE-2022-45884HIGHCVSS 7.0EG 7.02022-11-25
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
- CVE-2022-45885HIGHCVSS 7.0EG 7.02022-11-25
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
- CVE-2022-45886HIGHCVSS 7.0EG 7.02022-11-25
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
- CVE-2022-45887MEDIUMCVSS 4.7EG 4.72022-11-25
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
- CVE-2022-45888MEDIUMCVSS 6.4EG 6.42022-11-25
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
- CVE-2022-46174MEDIUMCVSS 4.2EG 4.22022-12-28
efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helpe…
- CVE-2022-46689HIGHCVSS 7.0EG 9.02022-12-15
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may b…
- CVE-2022-46713MEDIUMCVSS 4.7EG 4.72023-02-27
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.
- CVE-2022-47331MEDIUMCVSS 4.7EG 4.72023-02-12
In wlan driver, there is a race condition. This could lead to local denial of service in wlan services.
- CVE-2022-48221HIGHCVSS 7.5EG 7.52023-04-04
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. T…
- CVE-2022-48366LOWCVSS 3.7EG 3.72023-03-12
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
- CVE-2022-48451MEDIUMCVSS 4.1EG 4.12023-07-12
In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.
- CVE-2022-48509MEDIUMCVSS 5.9EG 5.92023-07-06
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.
- CVE-2022-48566MEDIUMCVSS 5.9EG 8.12023-08-22
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
- CVE-2022-48613MEDIUMCVSS 5.9EG 5.92023-11-08
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
- CVE-2022-48689HIGHCVSS 7.0EG 7.02024-05-03
In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed,…
- CVE-2022-48745MEDIUMCVSS 4.7EG 4.72024-06-20
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset polling deactivation flow, in order to prevent a r…
- CVE-2022-48759HIGHCVSS 7.0EG 7.02024-06-20
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg…
Map vulnerabilities like CWE-362 to your infrastructure
EchelonGraph correlates every CVE — across CWE-362 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →