Race Condition

Firefox and Thunderbird versions below 148 contain a race condition in the JavaScript garbage collection component that could allow an attacker to access or modify limited data through specially crafted content requiring user interaction. The vulnerability has a CVSS score of 4.2 and currently lacks an available patch.

Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.

DNS rebinding attacks in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 allow authenticated attackers to bypass SSRF protections in GraphQL asset mutations by exploiting a Time-of-Check-Time-of-Use race condition between DNS validation and HTTP requests. Attackers with appropriate GraphQL schema permissions can access blocked IP addresses and internal resources that should be restricted. Public exploit code exists for this vulnerability, which represents a bypass of the previous CVE-2025-68437 fix.

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

OpenShift versions 1.1.2-alpha and below suffer from a race condition in local JSON persistence that allows authenticated local users to corrupt data stores or cause loss of updates across sessions, study materials, quizzes, and authentication records. The vulnerability stems from non-atomic and insufficiently synchronized file operations that can be exploited through concurrent access to the application's local storage. No patch is currently available.

Unauthenticated OS command injection in MajorDoMo via rc/index.php. EPSS 41.7% — the $param variable is passed unsanitized to shell commands. PoC available.

The Tegra210-QSPI driver in the Linux kernel is vulnerable to a race condition where an unprotected NULL pointer check in the interrupt handler can be exploited by a local attacker with low privileges to cause a denial of service through kernel panic. The vulnerability occurs when the timeout path clears the curr_xfer pointer while the ISR thread is simultaneously accessing it, resulting in a NULL dereference. A patch is available to resolve this issue by properly synchronizing access with spinlock protection.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() Add proper locking in mmp_pdma_residue() to prevent use-after-free when accessing descriptor list and descriptor contents.

A race condition in the Linux kernel's MPTCP address management function allows local attackers with user-level privileges to cause a denial of service through kernel crashes via improper list manipulation without RCU synchronization. The vulnerability exists in mptcp_pm_nl_flush_addrs_doit() where list_splice_init() is called while holding a spinlock, creating unsafe concurrent access conditions. Currently, no patch is available for this medium-severity vulnerability.

A race condition in the Linux kernel NFC subsystem allows local attackers with low privileges to cause a denial of service by triggering a use-after-free condition between rfkill device unregistration and NCI command queue destruction. An attacker can exploit this by closing a virtual NCI device file while rfkill operations are in progress, causing the kernel to access a destroyed work queue. No patch is currently available for this vulnerability.

A race condition in Linux kernel shmem swap entry handling allows local attackers with user privileges to cause denial of service through memory corruption when swap entries are truncated concurrently with other operations. The vulnerability stems from an unprotected order lookup that can become stale before the actual swap entry removal, potentially causing truncation to erase data beyond intended boundaries. No patch is currently available.

A race condition in the Linux kernel's FireWire core transaction handling allows local attackers with low privileges to cause a denial of service by triggering concurrent processing of AR response and AT request completion events without proper synchronization. The vulnerability stems from transaction list enumeration occurring outside the card lock scope, enabling memory corruption or system crashes when exploited. No patch is currently available for this issue.

The Linux kernel netdevsim driver contains a race condition in the bpf_bound_progs list operations where concurrent calls to nsim_bpf_create_prog() and nsim_bpf_destroy_prog() can corrupt the list and trigger kernel crashes. A local attacker with limited privileges can exploit this vulnerability to cause a denial of service by manipulating eBPF program creation and destruction. No patch is currently available for this issue.

A race condition in the Linux kernel's rxrpc subsystem allows local attackers with limited privileges to cause a denial of service by exploiting unsynchronized access to the last_tx_at timestamp variable, potentially triggering load/store tearing on 32-bit architectures. The vulnerability requires local access and specific timing conditions to trigger, but can result in system instability or crash when successfully exploited. No patch is currently available.

A race condition in the Linux kernel's serial driver allows local attackers with low privileges to bypass TTY device linkage during console configuration, potentially enabling unauthorized access to serial console interfaces on Qualcomm SoCs and other affected systems. The vulnerability stems from improper initialization ordering that fails to configure tty->port before uart_configure_port() is called, creating a window where user-space applications can open the console without proper driver linkage. No patch is currently available.

Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549 [CVSS 3.1 LOW]

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

Race condition in Apple macOS/iOS symlink handling allows privilege escalation. Fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5.

Unprivileged local users can exploit a race condition in Apple's operating systems (macOS, iOS, iPadOS, tvOS, and visionOS) to escalate privileges to root through improper state handling during concurrent operations. This vulnerability affects multiple OS versions and requires local access with low privileges to trigger, making it exploitable by malicious applications or local attackers. No patch is currently available for this vulnerability.

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. [CVSS 8.1 HIGH]

Rocm contains a vulnerability that allows attackers to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as t (CVSS 7.8).

Rocm contains a vulnerability that allows attackers to corrupt memory resulting in loss of integrity, confidentiality, or availability (CVSS 7.8).

A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability.

Arbitrary PHP code execution in ClipBucket v5 prior to 5.5.3-#40 through a race condition in file upload validation, where files are moved to a web-accessible directory before security checks are performed. An authenticated attacker can exploit the time window between file placement and validation deletion to execute malicious PHP code on the server. Public exploit code exists for this vulnerability.

Authenticated users can exploit a race condition in GitHub Copilot and Visual Studio Code to execute arbitrary code remotely by manipulating file state between verification and use. This vulnerability affects users with network access to these development tools and requires user interaction to trigger. No patch is currently available to address this high-severity flaw.

Windows HTTP.sys contains a race condition between privilege checks and resource access that enables local authenticated users to escalate privileges on Windows 10 21H2, Windows 11 23H2, and Windows Server 2025. An attacker with valid credentials can exploit this timing vulnerability to gain system-level access. No patch is currently available for this vulnerability.

Local privilege escalation in Windows Subsystem for Linux affects Windows 11 23h2 and Windows 10 22h2 through a race condition in shared resource synchronization. An authenticated local attacker can exploit this vulnerability to gain elevated privileges on the system. No patch is currently available for this vulnerability.

Local privilege escalation in Windows Connected Devices Platform Service exploits a race condition in resource synchronization, allowing authenticated attackers to gain elevated privileges on affected Windows systems including Server 2022, Windows 11 25h2, and Windows 10 21h2. The vulnerability requires local access and user interaction is not needed, making it a practical attack vector for users with standard privileges. No patch is currently available.

Windows Kernel privilege escalation vulnerability in Windows 10 21H2 and Windows Server 2012 stems from improper synchronization of concurrent access to shared resources, enabling local authenticated users to gain elevated system privileges. The race condition can be triggered without user interaction and impacts confidentiality, integrity, and availability of the affected system. No patch is currently available.

Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. [CVSS 5.3 MEDIUM]

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 7.9 HIGH]

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. [CVSS 7.1 HIGH]

A race condition in the Linux kernel's SCSI error handling mechanism can prevent the error handler from being properly awakened when concurrent command completions occur, causing I/O operations to hang indefinitely. A local attacker with low privileges can trigger this condition through timing-sensitive operations to cause a denial of service. No patch is currently available for this vulnerability.

The Linux kernel's regmap hwspinlock implementation contains a race condition where concurrent threads accessing a shared spinlock flags variable can corrupt IRQ state, potentially leading to denial of service through system hangs or crashes. A local attacker with sufficient privileges can exploit this condition to cause the kernel to become unresponsive. The vulnerability affects Linux systems and currently has no available patch.

BIG-IP Advanced WAF and ASM experience denial of service when processing specific requests under certain conditions, causing the bd process to terminate and disrupting security policy enforcement. An unauthenticated remote attacker can trigger this crash without user interaction, though exploitation requires specific timing and environmental factors. No patch is currently available for affected versions.

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

jsPDF versions prior to 4.1.0 contain a race condition in the addJS method where a shared module-scoped variable is overwritten during concurrent PDF generation, causing JavaScript payloads and embedded data intended for one user to be included in another user's generated PDF. This cross-user data leakage primarily affects server-side Node.js deployments handling simultaneous requests, allowing attackers to access sensitive information leaked across user sessions. Public exploit code exists for this vulnerability.

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.

A race condition in Linux kernel routing code allows local authenticated attackers to cause a denial of service by triggering a kernel crash through unsynchronized list operations in rt6_uncached_list_del() and rt_del_uncached_list(). The vulnerability occurs when concurrent CPU operations on list data structures result in use-after-free conditions during list initialization. No patch is currently available for this medium-severity issue.

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. [CVSS 7.8 HIGH]

Linux kernel ublk subsystem suffers from a use-after-free vulnerability in partition scan operations where a race condition between device teardown and asynchronous partition scanning allows local attackers with user privileges to access freed memory, potentially causing denial of service or information disclosure. The vulnerability stems from improper reference counting of disk objects during concurrent operations, affecting all Linux systems with the vulnerable ublk driver. A patch is available to resolve this issue by implementing proper disk reference management in the partition scan worker.

A race condition in the Linux kernel's gpiolib subsystem allows local attackers with privileges to cause a kernel crash by exploiting unprotected access to uninitialized SRCU synchronization structures during concurrent gpiochip driver initialization. An attacker can trigger this vulnerability by causing multiple drivers to call gpiochip_add_data_with_key() simultaneously, resulting in a kernel page fault and denial of service.

Miniserve versions up to 0.32.0 is affected by improper link resolution before file access (CVSS 6.8).

Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. [CVSS 7.5 HIGH]

Arbitrary code execution with Administrator privileges in Rufus versions 4.11 and below due to a race condition in PowerShell script handling within the %TEMP% directory. A local attacker can replace the legitimate Fido script with malicious code between file creation and execution, since Rufus runs elevated but writes to a world-writable location without file locking. Public exploit code exists for this vulnerability, which is fixed in version 4.12_BETA.

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. [CVSS 3.5 LOW]

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.g. [CVSS 4.8 MEDIUM]

Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.

R Automation Runtime versions up to 6.5 is affected by allocation of resources without limits or throttling (CVSS 6.8).

testable and extendable modules out of your GraphQL server. From 2.2.1 to versions up to 2.4.1 is affected by race condition.

A race condition in Juniper Junos OS on MX10k Series with LC480 or LC2101 line cards allows low-privileged local users to crash line card and potentially chassis daemons by repeatedly executing the 'show system firmware' command. Affected versions include all releases before 21.2R3-S10 and multiple later branches up to 23.2R, with no patch currently available. This denial of service vulnerability requires local access and can be triggered without elevated privileges.

Heap use-after-free in FreeRDP versions before 3.20.1 stems from unsynchronized access to serial channel thread tracking structures, allowing remote attackers to trigger memory corruption and achieve code execution. The vulnerability affects systems using vulnerable FreeRDP versions for remote desktop connections and has public exploit code available. No patch is currently available, requiring users to upgrade to version 3.20.1 or later.

FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.

Outray versions up to 0.1.5 contains a vulnerability that allows attackers to exceed the set number of active tunnels in their subscription plan (CVSS 3.7).

Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]

Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service results from a race condition in resource synchronization, enabling authenticated local users to gain elevated system privileges. The vulnerability affects multiple recent Windows versions (24h2 and 25h2) and currently lacks a patch. No public exploit code has been disclosed, though the attack requires local access and moderate complexity to execute.

Privilege escalation in Windows SMB Server (Server 2025, Windows 11 24H2, Windows 10 22H2) stems from improper synchronization of shared resources during concurrent execution, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires high complexity exploitation but carries high impact across confidentiality, integrity, and availability. No patch is currently available.

Windows SMB Server denial of service via race condition affects Windows 10 21h2, Windows 11 24h2, and Windows Server 2022, allowing authenticated attackers to disrupt service availability through improper synchronization of shared resources. The vulnerability requires network access and specific conditions to trigger but carries no patch availability at this time. Impact is limited to availability with no confidentiality or integrity compromise.

Privilege escalation in Windows SMB Server (versions 10 22h2, 11 23h2, and 11 25h2) stems from improper synchronization of shared resources, allowing authenticated network attackers to elevate privileges. The race condition vulnerability requires specific timing conditions but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Privilege escalation in Windows SMB Server (2022, 2025) stems from improper synchronization of concurrent resource access, enabling authenticated network attackers to gain elevated privileges. The vulnerability requires specific conditions to trigger but provides high-impact unauthorized access when successfully exploited. No patch is currently available for affected systems.

Windows SMB Server contains a race condition in concurrent resource handling that enables authenticated network attackers to escalate privileges on affected systems including Windows 10 22H2, Windows 10 1607, and Windows Server 2025. The vulnerability requires low attack complexity and network access from an authenticated user, but carries high impact across confidentiality, integrity, and availability. No patch is currently available for this HIGH severity issue (CVSS 7.5).

Windows Management Services on Windows 10 and 11 contains a race condition in shared resource synchronization that enables authenticated local users to escalate privileges to system level. The vulnerability affects multiple Windows versions including 22h2, 21h2, and 25h2 builds, with no patch currently available.

Privilege escalation in Windows Management Services on Windows 10 and 11 stems from improper synchronization of shared resources, enabling local authenticated attackers to gain elevated privileges. The race condition can be exploited without user interaction and impacts confidentiality, integrity, and availability across system boundaries. No patch is currently available for this vulnerability.

Privilege escalation in Windows Management Services (Windows 10/11) stems from improper synchronization of shared resources, allowing authenticated local users to gain elevated privileges through race condition exploitation. The vulnerability affects multiple Windows versions including 22H2 and 24H2 builds, with no patch currently available. An attacker with valid credentials can leverage this flaw to escalate from a standard user account to system-level access.

Local privilege escalation in Windows Local Session Manager (LSM) across Windows 11 23h2, Windows Server 2012, and 2019 stems from improper synchronization in shared resource handling, enabling authenticated attackers to elevate privileges on affected systems. The vulnerability requires local access and specific timing conditions to exploit, with no patch currently available. This affects systems running the impacted Windows and Server editions where authenticated users may achieve system-level privileges.

Local privilege escalation in Windows Management Services affects Windows Server 2019, Windows 11 24h2, and Windows Server 2025 through improper synchronization of shared resources, enabling authenticated users to gain elevated system privileges. The vulnerability exploits a race condition that an attacker can trigger without user interaction, though no patch is currently available.

Windows Management Services on Windows 10 and Windows Server 2019 contains a race condition in shared resource synchronization that enables local privilege escalation for authenticated users. An attacker with local access can exploit improper locking mechanisms to gain elevated system privileges. No patch is currently available for this vulnerability.

Windows Management Services on Windows 10 and Windows Server 2022 contain a race condition in shared resource handling that permits authenticated local attackers to escalate privileges to system level. The vulnerability stems from improper synchronization during concurrent operations and affects multiple Windows versions including Windows 10 22H2 and 1809. No patch is currently available for this high-severity issue (CVSS 7.8).

Windows WalletService contains a race condition that permits local privilege escalation on Windows 10 and Windows 11 systems. An unauthenticated attacker with local access can exploit improper synchronization of shared resources to gain elevated privileges. No patch is currently available for this vulnerability.

Privilege escalation via race condition in Windows SMB Server affects Windows 10 21h2, Windows 11 25h2, and Windows Server 2022 23h2, allowing authenticated attackers to gain elevated privileges over the network. The vulnerability stems from improper synchronization when handling concurrent access to shared resources, and no patch is currently available. With a CVSS score of 7.5, this poses a significant risk to organizations using affected Windows versions.

Privilege escalation in the Graphics Kernel on Windows 11 and Linux systems results from improper synchronization of concurrent access to shared resources, allowing authenticated local attackers to gain elevated privileges. The vulnerability requires specific timing conditions to exploit but impacts multiple Windows versions and Linux distributions. No patch is currently available for this race condition vulnerability.

Windows Ancillary Function Driver for WinSock contains a race condition that enables local privilege escalation on affected Windows systems including Server 2008, Server 2019, and Windows 10 22H2. An authenticated attacker can exploit this timing vulnerability to gain elevated privileges with high impact to confidentiality, integrity, and availability. No patch is currently available for this vulnerability.

Privilege escalation in Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling authenticated local users to gain elevated privileges. The race condition requires specific timing conditions but no patch is currently available, leaving affected systems vulnerable to privilege escalation attacks by authorized local users.

Privilege escalation in Windows Tablet UI (TWINUI) subsystem on Windows 10, Windows Server 2022, and Windows Server 2025 stems from improper synchronization of shared resources, enabling authenticated local attackers to gain elevated privileges. The race condition vulnerability affects multiple Windows versions and currently has no available patch.

Windows Installer contains a time-of-check time-of-use race condition that allows authenticated local attackers to escalate privileges on Windows 10 1809, Windows 11 25h2, and Windows Server 2022 23h2. An attacker with local access can exploit the window between permission validation and file operation execution to gain elevated system access. No patch is currently available for this vulnerability.

Privilege escalation in Windows 11 and Windows Server 2025 Capability Access Management Service stems from improper synchronization of shared resources, enabling a local authenticated attacker to gain elevated privileges. The vulnerability exploits a race condition that can be triggered without user interaction, though successful exploitation requires specific timing and system conditions. No patch is currently available for this high-severity issue.

Privilege escalation in the Graphics Kernel affects Linux, Windows Server 2016, and Windows 10 1607 through a race condition in shared resource synchronization. A local authenticated attacker can exploit this vulnerability to gain elevated privileges on the affected system. No patch is currently available for this vulnerability.

Privilege escalation in Windows Kernel Memory affects Windows 10 21h2 and Windows Server 2022 23h2, exploitable by local authenticated users through a race condition between permission checks and memory access. An attacker with local access can leverage this window to gain elevated system privileges. No patch is currently available.

Privilege escalation in Windows Printer Association Object affects Windows 11 and Windows Server 2022/2025 through a race condition in shared resource access. An authenticated local attacker can exploit improper synchronization to gain elevated system privileges. No patch is currently available for this vulnerability.

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object.

In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`.