
CWE-820 (Missing Synchronization) — Vulnerability Class 10

10 vulnerabilities classified as CWE-820 (Missing Synchronization). AI-generated Chinese analysis included.

CWE-820, Missing Synchronization, is a concurrency weakness where software accesses shared resources without proper coordination mechanisms. This flaw typically arises when multiple threads or processes interact with the same data structure or file simultaneously, assuming exclusive access. Attackers exploit this by triggering race conditions, manipulating the timing of concurrent operations to corrupt data, bypass security checks, or cause denial of service. By influencing the shared resource’s state, adversaries can induce unexpected behaviors that compromise integrity or confidentiality. Developers prevent this by implementing robust synchronization primitives, such as mutexes, semaphores, or locks, to ensure atomic access. Additionally, using thread-safe libraries and designing immutable data structures can eliminate the need for explicit synchronization, thereby reducing the attack surface and ensuring consistent resource states across concurrent executions.

MITRE CWE Description
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Common Consequences (1)
Scope: Integrity, Confidentiality, Other
Impact: Modify Application Data, Read Application Data, Alter Execution Logic
Examples (1)
The following code intends to fork a process, then have both the parent and child processes print a single line.
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>

/* Writes the string one character at a time, flushing and sleeping after
 * each one so that the parent's and child's output can interleave on the
 * shared stdout. Nothing coordinates the two processes' access to it. */
static void print(char *string) {
    char *word;
    int counter;
    for (word = string; counter = *word++; ) {
        putc(counter, stdout);
        fflush(stdout);
        /* Make timing window a little larger... */
        sleep(1);
    }
}

int main(void) {
    pid_t pid;
    pid = fork();
    if (pid == -1) {
        exit(-2);
    } else if (pid == 0) {
        print("child\n");
    } else {
        print("PARENT\n");
    }
    exit(0);
}
Bad · C
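The MITRE example shows the weakness across two processes sharing stdout. The same defect is more often seen between threads sharing a variable, and the fix the description above names (a mutex around the access) is easy to show side by side. The program below is an added illustration, not the MITRE example and not code from this page; it assumes a POSIX threads environment, and the thread and iteration counts are constructed values. The left-hand worker is the CWE-820 form (a read-modify-write on shared data with no synchronization, so increments are lost); the right-hand worker holds a mutex across the same update.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

#define THREADS    8        /* constructed sample values */
#define INCREMENTS 100000L

/* Shared resource touched by every thread.
 * "volatile" only forces each access to go to memory so the race is visible
 * even with optimization on; it is NOT a synchronization mechanism. */
static volatile long unsynced_counter = 0;
static long synced_counter = 0;
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;

/* CWE-820 form: "counter++" is a load, an add and a store. Two threads that
 * interleave between the load and the store both write the same value, and
 * one increment is lost. */
static void *unsynced_worker(void *arg) {
    (void)arg;
    for (long i = 0; i < INCREMENTS; i++)
        unsynced_counter++;
    return NULL;
}

/* Mitigated form: the same update, made atomic by holding a mutex across it. */
static void *synced_worker(void *arg) {
    (void)arg;
    for (long i = 0; i < INCREMENTS; i++) {
        pthread_mutex_lock(&counter_lock);
        synced_counter++;
        pthread_mutex_unlock(&counter_lock);
    }
    return NULL;
}

/* Runs THREADS copies of fn concurrently and returns the final counter value. */
static long run_workers(void *(*fn)(void *), volatile long *counter) {
    pthread_t tid[THREADS];
    *counter = 0;
    for (int i = 0; i < THREADS; i++) {
        if (pthread_create(&tid[i], NULL, fn, NULL) != 0) {
            perror("pthread_create");
            exit(EXIT_FAILURE);
        }
    }
    for (int i = 0; i < THREADS; i++)
        pthread_join(tid[i], NULL);
    return *counter;
}

long run_unsynced(void)   { return run_workers(unsynced_worker, &unsynced_counter); }
long run_synced(void)     { return run_workers(synced_worker, (volatile long *)&synced_counter); }
long expected_total(void) { return THREADS * INCREMENTS; }

int main(void) {
    printf("expected : %ld\n", expected_total());
    printf("unsynced : %ld  (smaller than expected means lost updates)\n", run_unsynced());
    printf("mutex    : %ld\n", run_synced());
    return 0;
}
```

Build with `gcc -pthread race.c` (the file name is an assumption). The mutex-protected total always equals THREADS * INCREMENTS; the unsynchronized total is usually lower and varies from run to run, which is exactly the "resource not in the expected state" behaviour the CWE describes. Compiling with `-fsanitize=thread` makes the defect deterministic to find: ThreadSanitizer reports the data race on unsynced_counter and stays silent for the mutex-protected counter, which is the check worth adding to a CI build for concurrent code.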

Vulnerabilities classified as CWE-820 (Missing Synchronization) represent 10 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.