Deadlock

Incomplete Base
Structure: Simple
Description

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

Common Consequences 1
Scope: Availability

Impact: DoS: Resource Consumption (CPU); DoS: Resource Consumption (Other); DoS: Crash, Exit, or Restart

Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.
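
A runtime lock-order check for the condition described above, as an added example that is not part of the original entry: every acquisition is recorded in an order graph, and an acquisition that would close a cycle is rejected before it can block. `TrackedLock`, `LockOrderError`, `transfer` and the lock names are hypothetical, chosen for illustration.

```python
import threading
from collections import defaultdict

class LockOrderError(RuntimeError):
    """Raised when an acquisition contradicts a previously seen lock order."""

_order = defaultdict(set)        # lock name -> locks taken while it was held
_order_guard = threading.Lock()  # protects _order
_held = threading.local()        # per-thread list of currently held lock names

def _reachable(src, dst):
    """True if dst is reachable from src in the recorded order graph."""
    stack, seen = [src], set()
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        if node not in seen:
            seen.add(node)
            stack.extend(_order[node])
    return False

class TrackedLock:
    """Mutex wrapper that refuses acquisitions which could close a wait cycle."""
    def __init__(self, name):
        self.name = name
        self._lock = threading.Lock()

    def __enter__(self):
        held = getattr(_held, "names", [])
        with _order_guard:
            for h in held:
                # Holding h and taking self records h -> self. If self already
                # leads to h, another thread can hold self while waiting for h.
                if _reachable(self.name, h):
                    raise LockOrderError(f"{h} -> {self.name} inverts lock order")
            for h in held:
                _order[h].add(self.name)
        self._lock.acquire()
        _held.names = held + [self.name]
        return self

    def __exit__(self, *exc):
        _held.names = [n for n in _held.names if n != self.name]
        self._lock.release()

def transfer(src, dst):
    """Constructed workload: hold the source lock, then take the destination."""
    with src, dst:
        return True
```

Because the check runs before the underlying mutex is taken, an inverted order is reported on the first occurrence in any single thread, without needing two threads to actually collide.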

Observed Examples 15
CVE-1999-1476: A bug in some Intel Pentium processors allows DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock
CVE-2009-2857: OS deadlock
CVE-2009-1961: OS deadlock involving 3 separate functions
CVE-2009-2699: deadlock in library
CVE-2009-4272: deadlock triggered by packets that force collisions in a routing table
CVE-2002-1850: read/write deadlock between web server and script
CVE-2004-0174: web server deadlock involving multiple listening connections
CVE-2009-1388: multiple simultaneous calls to the same function trigger deadlock.
CVE-2006-5158: chain: other weakness leads to NULL pointer dereference (NULL Pointer Dereference) or deadlock (Deadlock).
CVE-2006-4342: deadlock when an operation is performed on a resource while it is being removed.
CVE-2006-2374: Deadlock in device driver triggered by using file handle of a related device.
CVE-2006-2275: Deadlock when large number of small messages cannot be processed quickly enough.
CVE-2005-3847: OS kernel has deadlock triggered by a signal during a core dump.
CVE-2005-3106: Race condition leads to deadlock.
CVE-2005-2456: Chain: array index error (Improper Validation of Array Index) leads to deadlock (Deadlock)
Taxonomy Mapping
  • The CERT Oracle Secure Coding Standard for Java (2011)