Skip to main content

CWE-833

Deadlock

15 CVEs Avg CVSS 5.9 MITRE
0
CRITICAL
2
HIGH
12
MEDIUM
1
LOW
2
POC
0
KEV

Monthly

CVE-2026-10647 MEDIUM PATCH This Month

USB CDC-NCM network driver in Zephyr RTOS through v4.4.0 permanently deadlocks the shared network egress thread when a USB bus suspend coincides with outbound device traffic, requiring a reboot to recover. The defect in `cdc_ncm_send()` ignores the return value of `usbd_ep_enqueue()` and unconditionally blocks on a completion semaphore that only the (never-fired) bulk-IN ISR can signal - halting not just CDC-NCM traffic but all egress on other interfaces sharing the TX thread. No public exploit code or active exploitation has been identified; the trigger is routine USB host power management, making this an availability risk for any embedded Zephyr device using USB virtual Ethernet.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-47334 MEDIUM PATCH This Month

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect in Ubuntu-specific AppArmor SAUCE patches, where notification handling code incorrectly sleeps while holding a spinlock. Violating this kernel locking invariant results in kernel panic or deadlock, causing a full system crash or hang. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, low-privilege trigger conditions make it a realistic denial-of-service risk on any multi-user Ubuntu system running the affected kernel versions.

Linux Ubuntu Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-33904 Go MEDIUM PATCH This Month

Ella Core's AMF control plane deadlocks in the SCTP notification handler when processing malformed or stale radio entries, allowing unauthenticated attackers with N2 interface access to hang the entire Access and Mobility Function until manual process restart, completely denying service to all subscribers. The vulnerability (CVSS 6.5, CWE-833 deadlock) stems from improper synchronization in radio cleanup logic combined with stale-entry scanning, and patches are available in version 1.7.0 and later.

Denial Of Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-29172 MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2025-21313 MEDIUM This Month

Windows Security Account Manager (SAM) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2025 +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-8447 Maven MEDIUM PATCH This Month

A security issue was discovered in the LRA Coordinator component of Narayana. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2024-47506 HIGH This Week

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 4.0
8.2
EPSS
0.3%
CVE-2024-0641 MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0639 MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42441 PyPI MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

USB CDC-NCM network driver in Zephyr RTOS through v4.4.0 permanently deadlocks the shared network egress thread when a USB bus suspend coincides with outbound device traffic, requiring a reboot to recover. The defect in `cdc_ncm_send()` ignores the return value of `usbd_ep_enqueue()` and unconditionally blocks on a completion semaphore that only the (never-fired) bulk-IN ISR can signal - halting not just CDC-NCM traffic but all egress on other interfaces sharing the TX thread. No public exploit code or active exploitation has been identified; the trigger is routine USB host power management, making this an availability risk for any embedded Zephyr device using USB virtual Ethernet.

Buffer Overflow Information Disclosure Zephyr
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect in Ubuntu-specific AppArmor SAUCE patches, where notification handling code incorrectly sleeps while holding a spinlock. Violating this kernel locking invariant results in kernel panic or deadlock, causing a full system crash or hang. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog, but the low-complexity, low-privilege trigger conditions make it a realistic denial-of-service risk on any multi-user Ubuntu system running the affected kernel versions.

Linux Ubuntu Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Ella Core's AMF control plane deadlocks in the SCTP notification handler when processing malformed or stale radio entries, allowing unauthenticated attackers with N2 interface access to hang the entire Access and Mobility Function until manual process restart, completely denying service to all subscribers. The vulnerability (CVSS 6.5, CWE-833 deadlock) stems from improper synchronization in radio cleanup logic combined with stale-entry scanning, and patches are available in version 1.7.0 and later.

Denial Of Service
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Bsafe Ssl J
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Windows Security Account Manager (SAM) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 11 24h2 +3
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

A security issue was discovered in the LRA Coordinator component of Narayana. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Red Hat
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy