CWE-833
Alerte pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Deadlock
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
Informations
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Availability | DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart Note: Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop. |
Observed Examples
| Reference | Description |
|---|---|
| A bug in some Intel Pentium processors allow DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock | |
| OS deadlock | |
| OS deadlock involving 3 separate functions | |
| deadlock in library | |
| deadlock triggered by packets that force collisions in a routing table | |
| read/write deadlock between web server and script | |
| web server deadlock involving multiple listening connections | |
| multiple simultaneous calls to the same function trigger deadlock. | |
| chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833). | |
| deadlock when an operation is performed on a resource while it is being removed. | |
| Deadlock in device driver triggered by using file handle of a related device. | |
| Deadlock when large number of small messages cannot be processed quickly enough. | |
| OS kernel has deadlock triggered by a signal during a core dump. | |
| Race condition leads to deadlock. | |
| Chain: array index error (CWE-129) leads to deadlock (CWE-833) |
Vulnerability Mapping Notes
Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
|---|---|
| CAPEC-25 | Forced Deadlock The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect. |
References
REF-62
The Art of Software Security AssessmentMark Dowd, John McDonald, Justin Schuh.
REF-783
Secure Coding in C and C++Robert C. Seacord.
Submission
| Name | Organization | Date | Date Release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.11 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
2024©
tesweb SA
