CWE-667: Improper Locking
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
常见后果
影响范围: Availability
技术影响: DoS: Resource Consumption (CPU)
说明: Inconsistent locking discipline can lead to deadlock.
潜在缓解措施
阶段: Implementation
策略: Libraries or Frameworks
描述: Use industry standard APIs to implement locking mechanism.
检测方法
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
观察示例
参考: CVE-2021-1782
Chain: improper locking (CWE-667) leads to race condition (CWE-362), as exploited in the wild per CISA KEV.
参考: CVE-2009-0935
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
参考: CVE-2010-4210
function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
参考: CVE-2008-4302
Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
参考: CVE-2009-1243
OS kernel performs an unlock in some incorrect circumstances, leading to panic.
参考: CVE-2009-2857
OS deadlock
参考: CVE-2009-1961
OS deadlock involving 3 separate functions
参考: CVE-2009-2699
deadlock in library
参考: CVE-2009-4272
deadlock triggered by packets that force collisions in a routing table
参考: CVE-2002-1850
read/write deadlock between web server and script
参考: CVE-2004-0174
web server deadlock involving multiple listening connections
参考: CVE-2009-1388
multiple simultaneous calls to the same function trigger deadlock.
参考: CVE-2006-5158
chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
参考: CVE-2006-4342
deadlock when an operation is performed on a resource while it is being removed.
参考: CVE-2006-2374
Deadlock in device driver triggered by using file handle of a related device.
参考: CVE-2006-2275
Deadlock when large number of small messages cannot be processed quickly enough.
参考: CVE-2005-3847
OS kernel has deadlock triggered by a signal during a core dump.
参考: CVE-2005-3106
Race condition leads to deadlock.
参考: CVE-2005-2456
Chain: array index error (CWE-129) leads to deadlock (CWE-833)
参考: CVE-2001-0682
Program can not execute when attacker obtains a mutex.
参考: CVE-2002-1914
Program can not execute when attacker obtains a lock on a critical output file.
参考: CVE-2002-1915
Program can not execute when attacker obtains a lock on a critical output file.
参考: CVE-2002-0051
Critical file can be opened with exclusive read access by user, preventing application of security policy. Possibly related to improper permissions, large-window race condition.
参考: CVE-2000-0338
Chain: predictable file names used for locking, allowing attacker to create the lock beforehand. Resultant from permissions and randomness.
参考: CVE-2000-1198
Chain: Lock files with predictable names. Resultant from randomness.
参考: CVE-2002-1869
Product does not check if it can write to a log file, allowing attackers to avoid logging by accessing the file using an exclusive lock. Overlaps unchecked error condition. This is not quite CWE-412, but close.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | CON31-C | Do not destroy a mutex while it is locked | CWE More Abstract |
| CERT C Secure Coding | POS48-C | Do not unlock or destroy another POSIX thread's mutex | CWE More Abstract |
| The CERT Oracle Secure Coding Standard for Java (2011) | VNA00-J | Ensure visibility when accessing shared primitive variables | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | VNA02-J | Ensure that compound operations on shared variables are atomic | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | VNA05-J | Ensure atomicity when reading and writing 64-bit values | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | LCK06-J | Do not use an instance lock to protect shared static data | - |
| Software Fault Patterns | SFP19 | Missing Lock | - |
| OMG ASCSM | ASCSM-CWE-667 | - |