Skip to main content

Race Condition

web MEDIUM

Race conditions occur when multiple concurrent requests exploit the brief time gap between checking a condition and acting upon it (TOCTOU - Time of Check, Time of Use).

How It Works

Race conditions occur when multiple concurrent requests exploit the brief time gap between checking a condition and acting upon it (TOCTOU - Time of Check, Time of Use). An attacker sends nearly simultaneous requests to manipulate shared state before the application can enforce its business logic. For example, when redeeming a gift voucher, Request A checks the balance, Request B also checks while A is processing, then both complete successfully—redeeming the voucher twice.

Attackers use specialized techniques to achieve precise timing. HTTP/2's multiplexing allows 20-30 requests in a single TCP packet, arriving virtually simultaneously at the server. For HTTP/1.1, "last-byte synchronization" holds back the final byte of multiple requests, then releases them together. These methods reduce network jitter to microseconds, maximizing collision probability.

Advanced attacks include multi-endpoint collisions (hitting different API paths that share state), exploiting partial object construction (accessing resources before initialization completes), and single-endpoint confusion (causing a function to process stale state by overwhelming it with requests).

Impact

  • Financial fraud: Redeeming coupons multiple times, withdrawing beyond account balance, applying discounts repeatedly
  • Authentication bypass: Reusing CAPTCHA tokens, bypassing rate limits on login attempts, exploiting session validation gaps
  • Resource exhaustion: Claiming limited inventory multiple times, booking the same seat/room concurrently
  • Data corruption: Simultaneous writes creating inconsistent database states, inventory counts becoming negative
  • Access control violations: Exploiting privilege checks to access unauthorized resources during state transitions

Real-World Examples

In 2019, security researchers demonstrated race conditions in major e-commerce platforms allowing users to purchase items at massive discounts by applying the same promotional code dozens of times within milliseconds. The applications checked voucher validity but didn't atomically mark them as used.

TOCTOU vulnerabilities have been found in cryptocurrency exchanges where concurrent withdrawal requests could drain more funds than an account held. Attackers automated HTTP/2 packet timing to submit multiple withdrawal requests before the balance update propagated, essentially duplicating money.

File upload race conditions have enabled remote code execution when attackers upload malicious files and execute them before security scanners complete validation-the check happens, but the file runs before removal.

Mitigation

  • Database transactions with row-level locking: Wrap check-and-update logic in ACID transactions with SELECT FOR UPDATE
  • Idempotency keys: Require unique request identifiers; reject duplicates within a time window
  • Uniqueness constraints: Database-level UNIQUE constraints on critical fields (voucher redemptions, order IDs)
  • Atomic operations: Use database built-ins like DECREMENT with bounds checking, compare-and-swap primitives
  • Application-level mutexes: Distributed locks (Redis, memcached) around critical sections, ensuring single execution
  • Rate limiting per resource: Throttle requests per user AND per target resource (not just per IP)
  • Sequence validation: Check monotonically increasing counters or nonces to detect concurrent modification

Recent CVEs (1816)

EPSS 0% CVSS 7.8
HIGH This Week

A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Race Condition Authentication Bypass
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A race condition was addressed with improved locking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Race Condition
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Apple Information Disclosure Race Condition
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups In commit 34488399fa08 ("mm/madvise: add file and shmem support to. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Race Condition Discourse
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Race Condition Kubernetes
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition
NVD
EPSS 0% CVSS 7.5
HIGH This Week

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. [CVSS 7.5 HIGH]

Race Condition RCE
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A flaw was found in the Ansible aap-gateway. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Red Hat
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is. Rated high severity (CVSS 7.0).

Information Disclosure Google Linux +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Cisco +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl_icmp_echo_enable_probe. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Yang Jihing reported a race between. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_l3mdev_accept. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_mtu_probing. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_threshold. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_interval. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_llm_reports. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_migrate_req. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_recovery. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix race in schedule and flush work While booting secondary CPUs, cpus_read_[lock/unlock] is not keeping online cpumask. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep->rdllist ep_poll() first calls ep_events_available() with no lock held and checks if ep->rdllist is. Rated medium severity (CVSS 4.7).

Information Disclosure Google Linux +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON:. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config() and module removal When nbd module is being removing, nbd_alloc_config() may be called. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. Rated medium severity (CVSS 4.7).

Dell Linux Race Condition +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit(). Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call timer start racing with call destruction The rxrpc_call struct has a timer used to handle various timed events. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both. Rated medium severity (CVSS 4.7).

Linux Race Condition Denial Of Service +3
NVD
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Atos Eviden IDRA before 2.7.1. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Privilege Escalation
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Intel Race Condition +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Race condition in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Intel Race Condition +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.6). No vendor patch available.

Intel Race Condition Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Race Condition Privilege Escalation
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

Race condition in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Race Condition
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Assign job pointer to NULL before signaling the fence In commit e4b5ccd392b9 ("drm/v3d: Ensure job pointer is set to NULL. Rated medium severity (CVSS 4.7).

Google Linux Race Condition +5
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A race condition could have led to private browsing tabs being opened in normal browsing windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Race Condition +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Month

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was addressed with additional validation. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Race Condition Apple
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where. Rated medium severity (CVSS 4.7).

Information Disclosure Race Condition Linux
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. Rated medium severity (CVSS 4.7).

Information Disclosure Race Condition Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. Rated high severity (CVSS 7.0).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA. Rated medium severity (CVSS 6.3).

Buffer Overflow Race Condition Linux +3
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Dell Race Condition Information Disclosure +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Race Condition Denial Of Service +15
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A flaw was found in rsync. Rated medium severity (CVSS 5.6). No vendor patch available.

Privilege Escalation Race Condition
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down. Rated high severity (CVSS 7.0).

Buffer Overflow Race Condition Linux +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued. Rated medium severity (CVSS 4.7).

Information Disclosure Race Condition Linux +3
NVD
Prev Page 8 of 21 Next

Quick Facts

Typical Severity
MEDIUM
Category
web
Total CVEs
1816

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy