Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23084

Summary
Assigner-freebsd
Assigner Org ID-63664ac6-956c-4cba-a5d0-f46076e16109
Published At-15 Feb, 2024 | 04:52
Updated At-13 Feb, 2025 | 16:28
Rejected At-
Credits

Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:freebsd
Assigner Org ID:63664ac6-956c-4cba-a5d0-f46076e16109
Published At:15 Feb, 2024 | 04:52
Updated At:13 Feb, 2025 | 16:28
Rejected At:
â–¼CVE Numbering Authority (CNA)
Potential jail escape vulnerabilities in netmap

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

Affected Products
Vendor
FreeBSD FoundationFreeBSD
Product
FreeBSD
Modules
  • netmap
Default Status
unknown
Versions
Affected
  • From 13.1-RC1 before p1 (release)
  • From 13.0-RELEASE before p11 (release)
  • From 12.3-RELEASE before p5 (release)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Reno Robert
finder
Lucas Leong (@_wmliang_)
finder
Trend Micro Zero Day Initiative
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
vendor-advisory
https://security.netapp.com/advisory/ntap-20240419-0003/
N/A
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
Resource:
vendor-advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20240419-0003/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
vendor-advisory
x_transferred
https://security.netapp.com/advisory/ntap-20240419-0003/
x_transferred
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240419-0003/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
FreeBSD Foundationfreebsd
Product
freebsd
CPEs
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 13.1-rc1 before p1 (custom)
  • From 13.0-release before p11 (custom)
  • From 12.3-release before p5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secteam@freebsd.org
Published At:15 Feb, 2024 | 05:15
Updated At:09 Dec, 2024 | 17:27

The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. This time-of-check to time-of-use bug could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged process running in a jail can affect the host environment.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
FreeBSD Foundation
freebsd
>>freebsd>>Versions from 12.0(inclusive) to 12.3(exclusive)
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>12.3
cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:-:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:beta1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:beta2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:beta3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:beta3-p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:beta4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p10:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p6:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p7:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p8:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:p9:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc1:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc2:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc3:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc4:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc5:*:*:*:*:*:*
FreeBSD Foundation
freebsd
>>freebsd>>13.0
cpe:2.3:o:freebsd:freebsd:13.0:rc5-p1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-367Primarynvd@nist.gov
CWE-367Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-367
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-367
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.ascsecteam@freebsd.org
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240419-0003/secteam@freebsd.org
Third Party Advisory
https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.ascaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240419-0003/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
Source: secteam@freebsd.org
Resource:
Vendor Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20240419-0003/
Source: secteam@freebsd.org
Resource:
Third Party Advisory
Hyperlink: https://security.freebsd.org/advisories/FreeBSD-SA-22:04.netmap.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20240419-0003/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

86Records found
CVE-2026-20831
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.35%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-13 Feb, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_server_2008windows_11_23h2windows_11_25h2windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2012 R2Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 11 Version 25H2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-33046
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.91%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:46
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwarewsa8845_firmwarewsa8832wsa8840qam8295p_firmwareqca6595qcs8550_firmwareqca8081_firmwarear8035_firmwareqca6696qrb5165mqca6698aq_firmwarewcd9385qcn9012wcd9395_firmwareqcn6024snapdragon_8_gen_2_mobile_platformqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresg8275pwsa8832_firmwareqca8337_firmwaresnapdragon_x70_modem-rf_system_firmwareqca8337wcd9395ssg2125psg8275p_firmwareqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqam8295pqcs8250_firmwareqca6574auwcd9390sa8540p_firmwareflight_rb5_5g_platformvideo_collaboration_vc5_platformwsa8845h_firmwaresm8550p_firmwareqcm8550sa9000p_firmwaresnapdragon_x65_5g_modem-rf_systemqcn9024snapdragon_x65_5g_modem-rf_system_firmwareqrb5165n_firmwarewsa8835wsa8840_firmwaresxr2230p_firmwareqca6391_firmwareqcn9011snapdragon_ar2_gen_1_platformsa8295p_firmwareqca6696_firmwareqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformqcn6024_firmwarewsa8845hwcd9380_firmwareqca8081wsa8830sm8550pssg2115pqcn9011_firmwareflight_rb5_5g_platform_firmwarear8035sa8540pqrb5165m_firmwareqca6595_firmwareqcs7230fastconnect_6900fastconnect_7800_firmwarerobotics_rb5_platformqca6391snapdragon_x70_modem-rf_systemqcn9012_firmwareqca6698aqssg2125p_firmwarewcd9385_firmwareqrb5165nfastconnect_6900_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwarewcd9380qcs8550sxr2230pfastconnect_7800snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845wsa8835_firmwaresxr1230pssg2115p_firmwarevideo_collaboration_vc5_platform_firmwareqcs8250sa9000psnapdragon_8\+_gen_2_mobile_platformwsa8830_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33154
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.13% / 77.94%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14677
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14674
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-1337
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-53.33% / 97.91%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 19:12
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-22883
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.92%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local Privilege Escalation in Zoom for Windows Installers

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meetingsZoom Client for Meetings for IT Admin Windows installers
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14675
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-15 Jul, 2020 | 17:34
Updated-27 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-21537
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.43% / 62.32%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-01 Jan, 2025 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_8.1windows_rt_8.1windows_11_21h2windows_7windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-2007
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.66%
||
7 Day CHG-0.00%
Published-24 Apr, 2023 | 00:00
Updated-02 Aug, 2024 | 06:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-debian_linuxlinux_kernelh500sh410s_firmwaresolidfire_\&_hci_management_nodeh700s_firmwareh300s_firmwareh500s_firmwareh410c_firmwareh410sh410ch300sh700sLinux kernel's DPT I2O Controller driver
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-667
Improper Locking
CVE-2023-20578
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_9224epyc_7303epyc_7f32epyc_9754s_firmwareepyc_7272_firmwareepyc_7313pepyc_7402p_firmwareepyc_7663_firmwareepyc_7301epyc_7662_firmwareepyc_9254_firmwareepyc_7203pepyc_7313p_firmwareepyc_9174f_firmwareepyc_9384x_firmwareepyc_7551_firmwareepyc_7232p_firmwareepyc_7443pepyc_9634epyc_7203epyc_7252_firmwareepyc_7551pepyc_7742epyc_7262epyc_8324pepyc_7663epyc_9124_firmwareepyc_7713epyc_7371_firmwareepyc_9684xepyc_7351p_firmwareepyc_7262_firmwareepyc_7501epyc_7552epyc_7451_firmwareepyc_8434pn_firmwareepyc_9454p_firmwareepyc_7773x_firmwareepyc_7302p_firmwareepyc_9754sepyc_72f3_firmwareepyc_7543pepyc_7573x_firmwareepyc_8534pnepyc_7702p_firmwareepyc_7702pepyc_7702_firmwareepyc_9124epyc_9224_firmwareepyc_7502epyc_7513_firmwareepyc_8534pepyc_7763epyc_8224p_firmwareepyc_7h12_firmwareepyc_7281epyc_9754_firmwareepyc_7543_firmwareepyc_7001_firmwareepyc_8024pnepyc_7473xepyc_75f3epyc_8434pepyc_9354epyc_8434pnepyc_74f3epyc_7303pepyc_9474fepyc_9634_firmwareepyc_7502p_firmwareepyc_7302pepyc_9684x_firmwareepyc_9384xepyc_8534p_firmwareepyc_9554pepyc_72f3epyc_7552_firmwareepyc_7272epyc_8224pnepyc_8124p_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_9334_firmwareepyc_74f3_firmwareepyc_7282_firmwareepyc_7473x_firmwareepyc_7281_firmwareepyc_7001epyc_7f72_firmwareepyc_7642_firmwareepyc_7401epyc_7f52_firmwareepyc_7f72epyc_9734epyc_7502pepyc_7551p_firmwareepyc_9184xepyc_7371epyc_9654epyc_8324pnepyc_8124pnepyc_7663pepyc_7343epyc_7313epyc_7402_firmwareepyc_7402pepyc_9454_firmwareepyc_7742_firmwareepyc_7542_firmwareepyc_8124pn_firmwareepyc_7413_firmwareepyc_9654p_firmwareepyc_9474f_firmwareepyc_9534epyc_9374fepyc_7643_firmwareepyc_7261epyc_7452_firmwareepyc_7642epyc_7401_firmwareepyc_7f32_firmwareepyc_7203p_firmwareepyc_7543p_firmwareepyc_7601epyc_9654_firmwareepyc_7251epyc_7352_firmwareepyc_9554_firmwareepyc_7763_firmwareepyc_9654pepyc_9454pepyc_7252epyc_7232pepyc_7543epyc_7301_firmwareepyc_7713_firmwareepyc_7643epyc_7663p_firmwareepyc_7662epyc_8224pn_firmwareepyc_7351epyc_7502_firmwareepyc_9274f_firmwareepyc_7532epyc_7501_firmwareepyc_7343_firmwareepyc_7643pepyc_7702epyc_7573xepyc_9534_firmwareepyc_7302epyc_7303_firmwareepyc_7513epyc_9184x_firmwareepyc_7413epyc_7453epyc_9354_firmwareepyc_8224pepyc_9374f_firmwareepyc_7443p_firmwareepyc_75f3_firmwareepyc_7h12epyc_7401p_firmwareepyc_7282epyc_7251_firmwareepyc_7373x_firmwareepyc_9254epyc_9354p_firmwareepyc_7551epyc_8024pepyc_7443_firmwareepyc_7443epyc_8024p_firmwareepyc_7203_firmwareepyc_7402epyc_9554p_firmwareepyc_7313_firmwareepyc_7601_firmwareepyc_9734_firmwareepyc_7643p_firmwareepyc_7542epyc_7452epyc_7352epyc_7261_firmwareepyc_8324p_firmwareepyc_9354pepyc_7451epyc_9174fepyc_7351_firmwareepyc_7773xepyc_7373xepyc_7532_firmwareepyc_73f3epyc_8434p_firmwareepyc_9274fepyc_8534pn_firmwareepyc_7713pepyc_9754epyc_7401pepyc_7f52epyc_8124pepyc_9454epyc_8324pn_firmwareepyc_9334epyc_7302_firmwareepyc_8024pn_firmwareepyc_73f3_firmwareepyc_7303p_firmwareepyc_9554epyc_7351pAMD EPYCâ„¢ Embedded 3000AMD Ryzenâ„¢ Embedded 7000AMD EPYCâ„¢ 7001 ProcessorsAMD Ryzenâ„¢ 6000 Series Processors with Radeonâ„¢ GraphicsAMD EPYCâ„¢ 7003 ProcessorsAMD EPYCâ„¢ Embedded 7003AMD EPYCâ„¢ 9004 ProcessorsAMD EPYCâ„¢ 7002 ProcessorsAMD RyzenTM Embedded V3000AMD Ryzenâ„¢ 7035 Series Processors with Radeonâ„¢ GraphicsAMD EPYCâ„¢ Embedded 9003AMD EPYCâ„¢ Embedded 7002AMD Ryzenâ„¢ Threadripperâ„¢ PRO 5000WX ProcessorsAMD Ryzenâ„¢ 7020 Series Processors with Radeonâ„¢ GraphicsAMD Ryzenâ„¢ 7000 Series Desktop Processorsepyc_embedded_7002epyc_embedded_7003epyc_embedded_3000epyc_7001epyc_embedded_9003epyc_7002epyc_9004ryzen_embedded_7000ryzen_embedded_v3000
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-1295
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.83%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 11:08
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel

A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.

Action-Not Available
Vendor-Linux Kernel Organization, IncNetApp, Inc.
Product-linux_kernelh500sh410sh410ch300sh700sLinux Kernel
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-20074
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.01% / 2.42%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:58
Updated-14 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Connectivity Performance Suite software installers
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-3701
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.11%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 19:38
Updated-09 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_update_pluginhardware_scan_pluginhardware_scan_addinVantage SystemUpdate Pluginvantage_systemupdate_plugin
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-1380
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.77%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-3969
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-3899
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-7.8||HIGH
EPSS-3.14% / 86.58%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 18:40
Updated-26 Aug, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

Action-Not Available
Vendor-ApportCanonical Ltd.
Product-apportubuntu_linuxApportapport
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-34986
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-15 Jul, 2022 | 19:05
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13932.

Action-Not Available
Vendor-Parallels International Gmbh
Product-parallels_desktopDesktop
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-3922
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-20181
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 15:24
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.

Action-Not Available
Vendor-n/aQEMUDebian GNU/Linux
Product-debian_linuxqemuqemu
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-55236
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.57%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-13 Feb, 2026 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Graphics Kernel Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_server_2022windows_server_2022_23h2windows_10_22h2windows_11_24h2windows_server_2019windows_10_1809windows_10_21h2windows_11_23h2windows_server_2025Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-55696
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.47%
||
7 Day CHG+0.03%
Published-14 Oct, 2025 | 17:01
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-55680
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.47%
||
7 Day CHG+0.03%
Published-14 Oct, 2025 | 17:01
Updated-13 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_11_24h2windows_server_2022windows_10_22h2windows_server_2022_23h2windows_10_1809windows_server_2025windows_server_2019windows_11_25h2Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2019
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2019-1065
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.70%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 1803Windows Server, version 1803 (Server Core Installation)Windows 10 Version 1809Windows 10 Version 1903 for ARM64-based SystemsWindows Server 2019Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server 2019 (Server Core installation)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-49730
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 66.50%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022windows_server_2012windows_10_1507windows_11_24h2windows_11_22h2windows_11_23h2windows_server_2022_23h2windows_10_1607windows_10_1809windows_server_2008windows_server_2019windows_server_2025windows_10_21h2windows_server_2016Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-27076
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:26
Updated-19 Aug, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Display

Memory corruption while processing simultaneous requests via escape path.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm6490_firmwaresnapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)aqt1000snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm6250snapdragon_7c_compute_platform_\(sc7180-ac\)wsa8835qca6391snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-ab\)fastconnect_7800_firmwarewsa8845_firmwaresc8180x\+sdx55_firmwarewsa8830snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)_firmwarewsa8845h_firmwaresnapdragon_8c_compute_platform_\(sc8180xp-ad\)snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)_firmwareqca6430qcs6490_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-aa\)wsa8815_firmwarevideo_collaboration_vc3_platform_firmwarewsa8810qca6420snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-ac\)wcd9370_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)fastconnect_6800snapdragon_8cx_compute_platform_\(sc8180x-ab\)_firmwarefastconnect_6200_firmwarewsa8840_firmwarewsa8810_firmwarewcd9380_firmwarewsa8835_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"_firmwarewcd9341snapdragon_8cx_compute_platform_\(sc8180xp-ac\)_firmwarewcd9370sm6250_firmwareaqt1000_firmwareqcm5430_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-af\)wcd9385snapdragon_8cx_gen_3_compute_platform_\(sc8280xp-bb\)_firmwarefastconnect_6800_firmwaresnapdragon_7c\+_gen_3_computewsa8840wcd9375_firmwaresc8180x\+sdx55wcd9385_firmwarewsa8815wcd9341_firmwaresnapdragon_8cx_compute_platform_\(sc8180xp-ac\)fastconnect_6700_firmwarefastconnect_7800snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-ab\)qcs5430snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmwarewsa8845hsc8380xpwcd9340qcm6490qcs5430_firmwarefastconnect_6900_firmwaresnapdragon_7c_gen_2_compute_platform_\(sc7180-ad\)_\"rennell_pro\"snapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)_firmwarefastconnect_6700qca6430_firmwaresnapdragon_8c_compute_platform_\(sc8180x-ad\)_firmwarewsa8845fastconnect_6900qcs6490wcd9375video_collaboration_vc3_platformsnapdragon_8cx_compute_platform_\(sc8180xp-af\)_firmwaresc8380xp_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180x-af\)wcd9340_firmwareqcm5430snapdragon_8cx_compute_platform_\(sc8180x-aa\)_firmwaresnapdragon_8cx_compute_platform_\(sc8180x-ab\)qca6391_firmwarewsa8830_firmwarewcd9380snapdragon_7c_compute_platform_\(sc7180-ac\)_firmwarefastconnect_6200qca6420_firmwaresnapdragon_8cx_gen_2_5g_compute_platform_\(sc8180xp-aa\)_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-21485
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.46%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:53
Updated-20 Aug, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100psm8735_firmwarefastconnect_6900_firmwaresw5100p_firmwarewsa8845_firmwarewcn7880_firmwarewsa8832_firmwaresm8750p_firmwarewcd9390wsa8835sw5100_firmwarewsa8830_firmwarewcd9395wsa8845wsa8840sxr2330pfastconnect_7800wsa8845h_firmwarefastconnect_7800_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresm8750wsa8830snapdragon_w5\+_gen_1_wearable_platform_firmwarewcn7880wsa8832snapdragon_w5\+_gen_1_wearable_platformsw5100wcd9378wsa8835_firmwarewcn7860fastconnect_6900wcd9385wcd9385_firmwaresm8735sxr2230psm8750psnapdragon_8_gen_3_mobile_platformsxr2250pwcn7861_firmwarewsa8840_firmwarewcn7750sxr2230p_firmwareqmp1000wcn7881sxr2250p_firmwarewcn7860_firmwaresm8750_firmwareqmp1000_firmwarewcd9378_firmwarewsa8845hsxr2330p_firmwarewcd9390_firmwarewcd9380_firmwarewcd9395_firmwarewcn7861wcn7750_firmwarewcd9380wcn7881_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-21473
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-07 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-21455
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.78%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-20 Aug, 2025 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption while submitting blob data to kernel space though IOCTL.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_6800_firmwaresw5100p_firmwarefastconnect_6900_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresw5100pqca6391_firmwarewsa8815_firmwarewsa8832_firmwaresnapdragon_xr2_5g_platformwsa8810_firmwaresnapdragon_870_5g_mobile_platform_\(sm8250-ac\)sw5100_firmwaresxr2130wcn3980_firmwarewsa8830_firmwarewsa8835fastconnect_7800sd865_5gsnapdragon_870_5g_mobile_platform_\(sm8250-ac\)_firmwaresdx55_firmwarefastconnect_7800_firmwareqca6391wsa8830wsa8832sw5100fastconnect_6800wcn3980wcn3988_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcn3988qca6426_firmwaresnapdragon_8_gen_1_mobile_platformwsa8835_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarefastconnect_6900sd865_5g_firmwarewcd9385wcd9385_firmwareqsm8250snapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)snapdragon_xr2_5g_platform_firmwaresxr2230psxr2250psdx55qca6426qca6436sxr2230p_firmwaresxr2250p_firmwaresnapdragon_865_5g_mobile_platformwsa8815snapdragon_x55_5g_modem-rf_systemwsa8810qsm8250_firmwarewcd9380_firmwareqca6436_firmwaresnapdragon_865\+_5g_mobile_platform_\(sm8250-ab\)_firmwarewcd9380sxr2130_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-20082
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.02%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-16 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Server D50DNP and M50FCP boards
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-13032
Matching Score-4
Assigner-NortonLifeLock Inc.
ShareView Details
Matching Score-4
Assigner-NortonLifeLock Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.04% / 10.48%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:16
Updated-08 Dec, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3  on windows allows local attacker to escalate privelages via pool overflow.

Action-Not Available
Vendor-avastAvastAvsatAVGMicrosoft Corporation
Product-antiviruswindowsOne(Free/Premiium/Ultimeat) Antivirus(Free/Inernet Security/Ultimate) Antivirus
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-54084
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.24%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 14:01
Updated-02 Oct, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMM Arbitrary Write via TOCTOU Vulnerability

APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Action-Not Available
Vendor-AMI
Product-aptio_vAptioV
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53289
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.08% / 22.79%
||
7 Day CHG~0.00%
Published-11 Dec, 2024 | 07:40
Updated-04 Feb, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Action-Not Available
Vendor-Dell Inc.
Product-thinosWyse Proprietary OS (Modern ThinOS)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53032
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.79%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-07 Mar, 2025 | 11:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive OS Platform

Memory corruption may occur in keyboard virtual device due to guest VM interaction.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa9000pqca6595au_firmwaresa8650p_firmwareqam8775psa8255pqamsrv1m_firmwareqca6595qca6688aq_firmwaresa8770psa8775psrv1h_firmwaresa8620p_firmwareqam8650p_firmwareqca6595_firmwaresrv1mqam8620psa8775p_firmwareqamsrv1msa9000p_firmwaresrv1hqca6574ausa7255psrv1m_firmwaresa8620psa7775psa8650pqam8620p_firmwaresa8540p_firmwaresa7255p_firmwareqam8775p_firmwareqam8295p_firmwareqam8255pqca6688aqqca6698aqsa7775p_firmwaresa8255p_firmwaresa8770p_firmwaresa8295p_firmwareqca6696_firmwareqam8295pqamsrv1hsrv1l_firmwareqca6574au_firmwareqamsrv1h_firmwareqca6595auqam8255p_firmwaresa8295psrv1lqca6698aq_firmwareqam8650pqca6696sa8540pSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-53028
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.79%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 10:07
Updated-05 Mar, 2025 | 04:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Automotive Vehicle Networks

Memory corruption may occur while processing message from frontend during allocation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-31422
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.39%
||
7 Day CHG~0.00%
Published-29 Apr, 2021 | 16:31
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.

Action-Not Available
Vendor-Parallels International Gmbh
Product-parallels_desktopDesktop
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-667
Improper Locking
  • Previous
  • 1
  • 2
  • Next
Details not found