CWE-368 (上下文切换时的竞争条件) — Vulnerability Class 3

CWE-368 represents a context switching race condition, a logical weakness where a product executes non-atomic actions across security boundaries, allowing attackers to exploit timing gaps. This vulnerability typically arises when a system transitions between contexts, such as a web browser moving from a trusted to an untrusted state. During this brief interval, an adversary can manipulate the environment or modify data, causing the application to misrepresent its behavior or bypass security controls. Developers mitigate this risk by ensuring atomicity in critical operations, effectively preventing context switches during sensitive transitions. Implementing robust locking mechanisms, using thread-safe data structures, and validating state consistency before and after context changes are essential strategies. By eliminating the window of opportunity for race conditions, developers ensure that security boundaries remain intact, thereby preserving the integrity and confidentiality of the application’s execution environment.