CWE-833 Detail

CWE-833

Deadlock
Incomplete
2010-12-13
00h00 +00:00
2023-06-29
00h00 +00:00
CWE Mitre.org
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Deadlock

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

General Informations

Common Consequences

Scope Impact Likelihood
AvailabilityDoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart

Note: Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.

Observed Examples

References Description

CVE-1999-1476

A bug in some Intel Pentium processors allow DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock

CVE-2009-2857

OS deadlock

CVE-2009-1961

OS deadlock involving 3 separate functions

CVE-2009-2699

deadlock in library

CVE-2009-4272

deadlock triggered by packets that force collisions in a routing table

CVE-2002-1850

read/write deadlock between web server and script

CVE-2004-0174

web server deadlock involving multiple listening connections

CVE-2009-1388

multiple simultaneous calls to the same function trigger deadlock.

CVE-2006-5158

chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).

CVE-2006-4342

deadlock when an operation is performed on a resource while it is being removed.

CVE-2006-2374

Deadlock in device driver triggered by using file handle of a related device.

CVE-2006-2275

Deadlock when large number of small messages cannot be processed quickly enough.

CVE-2005-3847

OS kernel has deadlock triggered by a signal during a core dump.

CVE-2005-3106

Race condition leads to deadlock.

CVE-2005-2456

Chain: array index error (CWE-129) leads to deadlock (CWE-833)

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Related Attack Patterns

CAPEC-ID Attack Pattern Name
CAPEC-25 Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.

References

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

REF-783

Secure Coding in C and C++
Robert C. Seacord.

Submission

Name Organization Date Date release Version
CWE Content Team MITRE 2010-12-12 +00:00 2010-12-13 +00:00 1.11

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2012-05-11 +00:00 updated References
CWE Content Team MITRE 2017-05-03 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2018-03-27 +00:00 updated References
CWE Content Team MITRE 2019-01-03 +00:00 updated Taxonomy_Mappings
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2020-08-20 +00:00 updated Relationships
CWE Content Team MITRE 2021-07-20 +00:00 updated Observed_Examples
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes