Skip to main content

Race Condition

web MEDIUM

Race conditions occur when multiple concurrent requests exploit the brief time gap between checking a condition and acting upon it (TOCTOU - Time of Check, Time of Use).

How It Works

Race conditions occur when multiple concurrent requests exploit the brief time gap between checking a condition and acting upon it (TOCTOU - Time of Check, Time of Use). An attacker sends nearly simultaneous requests to manipulate shared state before the application can enforce its business logic. For example, when redeeming a gift voucher, Request A checks the balance, Request B also checks while A is processing, then both complete successfully—redeeming the voucher twice.

Attackers use specialized techniques to achieve precise timing. HTTP/2's multiplexing allows 20-30 requests in a single TCP packet, arriving virtually simultaneously at the server. For HTTP/1.1, "last-byte synchronization" holds back the final byte of multiple requests, then releases them together. These methods reduce network jitter to microseconds, maximizing collision probability.

Advanced attacks include multi-endpoint collisions (hitting different API paths that share state), exploiting partial object construction (accessing resources before initialization completes), and single-endpoint confusion (causing a function to process stale state by overwhelming it with requests).

Impact

  • Financial fraud: Redeeming coupons multiple times, withdrawing beyond account balance, applying discounts repeatedly
  • Authentication bypass: Reusing CAPTCHA tokens, bypassing rate limits on login attempts, exploiting session validation gaps
  • Resource exhaustion: Claiming limited inventory multiple times, booking the same seat/room concurrently
  • Data corruption: Simultaneous writes creating inconsistent database states, inventory counts becoming negative
  • Access control violations: Exploiting privilege checks to access unauthorized resources during state transitions

Real-World Examples

In 2019, security researchers demonstrated race conditions in major e-commerce platforms allowing users to purchase items at massive discounts by applying the same promotional code dozens of times within milliseconds. The applications checked voucher validity but didn't atomically mark them as used.

TOCTOU vulnerabilities have been found in cryptocurrency exchanges where concurrent withdrawal requests could drain more funds than an account held. Attackers automated HTTP/2 packet timing to submit multiple withdrawal requests before the balance update propagated, essentially duplicating money.

File upload race conditions have enabled remote code execution when attackers upload malicious files and execute them before security scanners complete validation-the check happens, but the file runs before removal.

Mitigation

  • Database transactions with row-level locking: Wrap check-and-update logic in ACID transactions with SELECT FOR UPDATE
  • Idempotency keys: Require unique request identifiers; reject duplicates within a time window
  • Uniqueness constraints: Database-level UNIQUE constraints on critical fields (voucher redemptions, order IDs)
  • Atomic operations: Use database built-ins like DECREMENT with bounds checking, compare-and-swap primitives
  • Application-level mutexes: Distributed locks (Redis, memcached) around critical sections, ensuring single execution
  • Rate limiting per resource: Throttle requests per user AND per target resource (not just per IP)
  • Sequence validation: Check monotonically increasing counters or nonces to detect concurrent modification

Recent CVEs (1817)

EPSS 0% CVSS 5.3
MEDIUM This Month

When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Google +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Mozilla +3
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.<br>*This bug only affects Firefox for Windows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Authentication Bypass +4
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Microsoft +4
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4).

Race Condition Google Privilege Escalation +2
NVD
EPSS 45% CVSS 7.0
HIGH POC THREAT Act Now

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +6
NVD
EPSS 1% CVSS 7.0
HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Race Condition RCE Apple +5
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft +10
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Windows Error Reporting Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Microsoft +4
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Android
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In wlan driver, there is a race condition, This could lead to local denial of service in wlan services. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Android
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In audio driver, there is a use after free due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In isp, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Linux Denial Of Service +2
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.9. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.9. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +6
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Auth. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure WordPress +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Windows Scripting Languages Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft +9
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service +2
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Windows Bind Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft +7
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Microsoft Denial Of Service +9
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft +7
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Windows Group Policy Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Information Disclosure Microsoft +9
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). No vendor patch available.

Race Condition Information Disclosure Microsoft +10
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Microsoft +10
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Information Disclosure Linux +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

There is a race condition vulnerability in SD upgrade mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Harmonyos +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The iaware module has a vulnerability in thread security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Emui +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Grafana
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

In vcu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In vcu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Race Condition Apple +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Race Condition Apple +3
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Race Condition Apple +5
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Race Condition Apple +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

A race condition was addressed with improved state handling. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Race Condition Apple Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.6. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.6. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in the Linux kernel through 6.0.6. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Synology +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A vulnerability has been found in Linux Kernel and classified as problematic. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A vulnerability, which was classified as problematic, was found in Linux Kernel. Rated high severity (CVSS 7.1).

Linux Race Condition Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 2.5
LOW PATCH Monitor

A vulnerability has been found in Linux Kernel and classified as problematic. Rated low severity (CVSS 2.5).

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition Google +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Race Condition Information Disclosure +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Storage Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Race Condition Information Disclosure +10
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Windows 10 +5
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Race Condition RCE +10
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl,. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Authenticated (subscriber+) Race Condition vulnerability in Rate my Post - WP Rating System plugin <= 3.3.4 at WordPress allows attackers to increase/decrease votes. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The MPTCP module has the race condition vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Emui +2
NVD
EPSS 5% CVSS 7.0
HIGH This Week

Windows ALPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure +10
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Windows Photo Import API Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition WordPress Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.19.8. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

In apusys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.0
HIGH This Week

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. Rated high severity (CVSS 7.0). No vendor patch available.

Linux Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

An issue found in linux-kernel that leads to a race condition in rose_connect(). Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition was found in vdsm. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Vdsm +3
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Eternal Terminal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Race Condition Information Disclosure Eternal Terminal
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Race Condition Privilege Escalation Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Race Condition Denial Of Service +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In the Audio HAL, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Google Race Condition Privilege Escalation +2
NVD
Prev Page 12 of 21 Next

Quick Facts

Typical Severity
MEDIUM
Category
web
Total CVEs
1817

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy