CWE-413
Improper Resource Locking
Description
The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.
When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the product. This might violate the product's assumption that the resource will not change, potentially leading to unexpected behaviors.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
Potential Mitigations
Use a non-conflicting privilege scheme.
Use synchronization when locking a resource.
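An added example, not part of the CWE entry, showing the weakness described above beside the synchronization mitigation: a check-then-update on a shared value, first without exclusive access and then under a lock. The `Account` class, its method names and the figures are hypothetical.

```python
import threading
import time


class Account:
    """Hypothetical shared resource: a balance that is checked, then updated."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_unlocked(self, amount):
        # Weak form (CWE-413): nothing stops another thread from changing
        # the balance between the check and the write-back.
        current = self.balance
        if current < amount:
            return False
        time.sleep(0.001)  # widens the window so the effect is easy to observe
        self.balance = current - amount
        return True

    def withdraw_locked(self, amount):
        # Corrected form: the check and the update happen under one lock,
        # so the value that was checked is the value that gets updated.
        with self._lock:
            current = self.balance
            if current < amount:
                return False
            time.sleep(0.001)
            self.balance = current - amount
            return True


def run(method_name, start=100, amount=10, workers=20):
    """Run `workers` concurrent withdrawals; return (final balance, successes)."""
    account = Account(start)
    outcomes = []  # list.append is atomic in CPython

    def worker():
        outcomes.append(getattr(account, method_name)(amount))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sum(outcomes)


if __name__ == "__main__":
    print("unlocked:", run("withdraw_unlocked"))
    print("locked:  ", run("withdraw_locked"))
```

With the lock, exactly as many withdrawals succeed as the starting balance covers; without it, the number of successful withdrawals and the final balance typically no longer agree.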
CVE-2022-20141: Chain: an operating system kernel has insufficient resource locking (CWE-413) leading to a use after free (CWE-416).
Applicable Platforms