Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-765 (关键资源的多重解锁) — Vulnerability Class 1

1 vulnerabilities classified as CWE-765 (关键资源的多重解锁). AI Chinese analysis included.

CWE-765 represents a concurrency weakness where a software component releases a critical resource lock more times than it was acquired, resulting in an unexpected and potentially unstable system state. This flaw typically arises in multi-threaded environments where improper synchronization logic causes duplicate unlock operations on mutexes, semaphores, or other locking mechanisms. Exploitation often leads to race conditions, data corruption, or denial of service, as the resource may become available to unauthorized threads prematurely or cause the system to crash due to invalid state transitions. Developers mitigate this risk by ensuring strict adherence to lock acquisition and release patterns, utilizing RAII (Resource Acquisition Is Initialization) principles to automate resource management, and implementing comprehensive unit tests that simulate concurrent access scenarios to verify that locks are balanced correctly under stress.

MITRE CWE Description
The product unlocks a critical resource more times than intended, leading to an unexpected state in the system. When the product is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.
Common Consequences (1)
Availability, IntegrityDoS: Crash, Exit, or Restart, Modify Memory, Unexpected State
Mitigations (1)
ImplementationWhen locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the product acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.
CVE IDTitleCVSSSeverityPublished
CVE-2024-49602 Dell PowerScale OneFS 安全漏洞 — PowerScale OneFS 6.5 Medium2024-12-09

Vulnerabilities classified as CWE-765 (关键资源的多重解锁) represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.