Common Consequences
Scope |
Impact |
Likelihood |
Availability | DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart
Note: Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop. | |
Observed Examples
Reference |
Description |
CVE-1999-1476 | A bug in some Intel Pentium processors allow DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock |
CVE-2009-2857 | OS deadlock |
CVE-2009-1961 | OS deadlock involving 3 separate functions |
CVE-2009-2699 | deadlock in library |
CVE-2009-4272 | deadlock triggered by packets that force collisions in a routing table |
CVE-2002-1850 | read/write deadlock between web server and script |
CVE-2004-0174 | web server deadlock involving multiple listening connections |
CVE-2009-1388 | multiple simultaneous calls to the same function trigger deadlock. |
CVE-2006-5158 | chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833). |
CVE-2006-4342 | deadlock when an operation is performed on a resource while it is being removed. |
CVE-2006-2374 | Deadlock in device driver triggered by using file handle of a related device. |
CVE-2006-2275 | Deadlock when large number of small messages cannot be processed quickly enough. |
CVE-2005-3847 | OS kernel has deadlock triggered by a signal during a core dump. |
CVE-2005-3106 | Race condition leads to deadlock. |
CVE-2005-2456 | Chain: array index error (CWE-129) leads to deadlock (CWE-833) |
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
CAPEC-ID |
Attack Pattern Name |
CAPEC-25 |
Forced Deadlock The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect. |
References
REF-62
The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.
REF-783
Secure Coding in C and C++
Robert C. Seacord.
Submission
Name |
Organization |
Date |
Date Release |
Version |
CWE Content Team |
MITRE |
2010-12-12 +00:00 |
2010-12-13 +00:00 |
1.11 |
Modifications
Name |
Organization |
Date |
Comment |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences, Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated References |
CWE Content Team |
MITRE |
2017-05-03 +00:00 |
updated Related_Attack_Patterns |
CWE Content Team |
MITRE |
2018-03-27 +00:00 |
updated References |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated Taxonomy_Mappings |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-08-20 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2021-07-20 +00:00 |
updated Observed_Examples |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |