Category: SFP Secondary Cluster: Missing Lock
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Missing Lock cluster (SFP19).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-364 | Signal Handler Race Condition | The product uses a signal handler that introduces a race condition. |
| CWE-366 | Race Condition within a Thread | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
| CWE-368 | Context Switching Race Condition | A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. |
| CWE-413 | Improper Resource Locking | The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource. |
| CWE-414 | Missing Lock Check | A product does not check to see if a lock is present before performing sensitive operations on a resource. |
| CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | The product uses the singleton pattern when creating a resource within a multithreaded environment. |
| CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context | The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes. |
| CWE-609 | Double-Checked Locking | The product uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient. |
| CWE-662 | Improper Synchronization | The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. |
| CWE-663 | Use of a Non-reentrant Function in a Concurrent Context | The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state. |
| CWE-667 | Improper Locking | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.