Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-24951

Summary
Assigner-facebook
Assigner Org ID-4fc57720-52fe-4431-a0fb-3d2c8747b827
Published At-16 Aug, 2022 | 00:00
Updated At-03 Aug, 2024 | 04:29
Rejected At-
Credits

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:facebook
Assigner Org ID:4fc57720-52fe-4431-a0fb-3d2c8747b827
Published At:16 Aug, 2022 | 00:00
Updated At:03 Aug, 2024 | 04:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

Affected Products
Vendor
Jason Gauci
Product
Eternal Terminal
Versions
Affected
  • From unspecified before 6.2.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-362Race Condition (CWE-362)
Type: CWE
CWE ID: CWE-362
Description: Race Condition (CWE-362)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
N/A
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
N/A
http://www.openwall.com/lists/oss-security/2023/02/16/1
mailing-list
Hyperlink: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
Resource: N/A
Hyperlink: https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/16/1
Resource:
mailing-list
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
x_transferred
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
x_transferred
http://www.openwall.com/lists/oss-security/2023/02/16/1
mailing-list
x_transferred
Hyperlink: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
Resource:
x_transferred
Hyperlink: https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
Resource:
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/16/1
Resource:
mailing-list
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-assign@fb.com
Published At:16 Aug, 2022 | 01:15
Updated At:16 Feb, 2023 | 19:15

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.0HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
eternal_terminal_project
eternal_terminal_project
>>eternal_terminal>>Versions before 6.2.0(exclusive)
cpe:2.3:a:eternal_terminal_project:eternal_terminal:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE-362Secondarycve-assign@fb.com
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-362
Type: Secondary
Source: cve-assign@fb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2023/02/16/1cve-assign@fb.com
N/A
https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0cve-assign@fb.com
Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95qcve-assign@fb.com
Exploit
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2023/02/16/1
Source: cve-assign@fb.com
Resource: N/A
Hyperlink: https://github.com/MisterTea/EternalTerminal/releases/tag/et-v6.2.0
Source: cve-assign@fb.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-546v-59j5-g95q
Source: cve-assign@fb.com
Resource:
Exploit
Patch

Change History

0
Information is not available yet

Similar CVEs

333Records found
CVE-2025-54105
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Brokering File System Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2022_23h2windows_server_2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-54108
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_server_2025Windows Server 2025Windows Server 2025 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-54115
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.13% / 32.59%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_10_1809windows_server_2022_23h2windows_server_2022windows_server_2025windows_11_23h2windows_10_21h2windows_11_22h2windows_10_22h2windows_server_2019Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2019Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-54114
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_11_23h2windows_server_2016windows_10_1607windows_11_24h2windows_server_2022_23h2windows_10_22h2windows_server_2025windows_server_2022Windows Server 2025Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2016Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2025-53807
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.55%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022windows_11_22h2windows_11_24h2windows_10_22h2windows_10_21h2windows_11_23h2windows_server_2019windows_server_2025windows_server_2022_23h2windows_10_1809Windows Server 2025Windows Server 2022Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2019
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2017-6874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.09% / 26.11%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 09:02
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2017-7533
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-9.42% / 92.88%
||
7 Day CHG~0.00%
Published-05 Aug, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux kernel through 4.12.4
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-39759
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-7||HIGH
EPSS-0.01% / 3.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2025 | 16:52
Updated-12 May, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
btrfs: qgroup: fix race between quota disable and quota rescan ioctl

In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the fs_info->qgroup_tree rbtree. This happens as follows: 1) Task A enters btrfs_ioctl_quota_rescan() -> btrfs_qgroup_rescan(); 2) Task B enters btrfs_quota_disable() and calls btrfs_qgroup_wait_for_completion(), which does nothing because at that point fs_info->qgroup_rescan_running is false (it wasn't set yet by task A); 3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups from fs_info->qgroup_tree without taking the lock fs_info->qgroup_lock; 4) Task A enters qgroup_rescan_zero_tracking() which starts iterating the fs_info->qgroup_tree tree while holding fs_info->qgroup_lock, but task B is freeing qgroup records from that tree without holding the lock, resulting in a use-after-free. Fix this by taking fs_info->qgroup_lock at btrfs_free_qgroup_config(). Also at btrfs_qgroup_rescan() don't start the rescan worker if quotas were already disabled.

Action-Not Available
Vendor-Debian GNU/LinuxSiemens AGLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinuxSIMATIC CN 4100
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-53135
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.15% / 35.61%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DirectX Graphics Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-50167
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.11% / 29.42%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_10_22h2windows_server_2012windows_server_2019windows_10_1507windows_server_2022_23h2windows_10_21h2windows_11_23h2windows_server_2022windows_server_2016windows_server_2025windows_11_24h2windows_10_1607windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2025-49744
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-2.17% / 84.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-26 Feb, 2026 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022_23h2windows_10_1607windows_11_23h2windows_server_2025windows_10_21h2windows_10_1809windows_server_2022windows_server_2019windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2019Windows Server 2022Windows 10 Version 1507Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-49762
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.15% / 35.61%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_11_23h2windows_10_22h2windows_server_2008windows_server_2019windows_10_1507windows_server_2022windows_server_2022_23h2windows_10_1809windows_10_21h2windows_server_2016windows_server_2025windows_11_24h2windows_11_22h2windows_server_2012Windows Server 2025Windows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-48641
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.00% / 0.02%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-06 Mar, 2026 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-48564
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.01% / 0.84%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 16:57
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-48625
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.01% / 0.24%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 17:27
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-48533
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7||HIGH
EPSS-0.00% / 0.20%
||
7 Day CHG~0.00%
Published-04 Sep, 2025 | 18:17
Updated-05 Sep, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-2636
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.52% / 66.93%
||
7 Day CHG~0.00%
Published-07 Mar, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-415
Double Free
CVE-2019-10143
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.94%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 00:00
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

Action-Not Available
Vendor-FreeRADIUSRed Hat, Inc.Fedora Project
Product-freeradiusfedoraenterprise_linuxfreeradiusfreeradiusfedoraenterprise_linux
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-41914
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.91%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 00:00
Updated-05 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.

Action-Not Available
Vendor-schedmdn/aschedmdFedora Project
Product-slurmfedoran/aslurm
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-17712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-16 Dec, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-34725
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.02% / 6.36%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Imagination Technologies LimitedGoogle LLC
Product-androidAndroidpowervr-gpu
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-1416
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.22% / 44.26%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-29841
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 39.86%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Universal Print Management Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_11_22h2windows_server_2025windows_11_24h2windows_11_23h2windows_server_2022windows_10_21h2Windows 10 Version 21H2Windows 11 version 22H2Windows 11 version 22H3Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-38159
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-1.02% / 77.46%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 version 21H2Windows 10 Version 1809Windows Server 2022Windows 10 Version 22H2Windows Server 2016Windows Server 2019Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 10.33%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelh500sh410sh300sh700sn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.02% / 6.18%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelh500sh410sh410ch300sh700sn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35824
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-36405
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.12% / 30.44%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-17 Oct, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows 10 Version 21H2Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 10 Version 22H2Windows Server 2016
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-36776
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.95% / 76.55%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Win32k Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 22H2Windows Server 2016Windows Server 2012 R2Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows 11 version 21H2Windows Server 2022Windows Server 2019Windows 10 Version 21H2
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-15265
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.11% / 28.20%
||
7 Day CHG~0.00%
Published-16 Oct, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-35828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.03% / 10.54%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-21 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelh500sh410sh410ch300sh700sn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35827
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.01% / 3.32%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-02 Aug, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-25278
Matching Score-4
Assigner-OpenHarmony
ShareView Details
Matching Score-4
Assigner-OpenHarmony
CVSS Score-8.4||HIGH
EPSS-0.02% / 3.71%
||
7 Day CHG~0.00%
Published-11 Aug, 2025 | 02:36
Updated-12 Aug, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
liteos_a has a race condition vulnerability

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

Action-Not Available
Vendor-OpenAtom FoundationOpenHarmony (OpenAtom Foundation)
Product-openharmonyOpenHarmony
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.01% / 1.12%
||
7 Day CHG~0.00%
Published-18 Jun, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2023-35378
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.07% / 20.71%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:08
Updated-01 Jan, 2025 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Projected File System Elevation of Privilege Vulnerability

Windows Projected File System Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_11_22h2windows_11_21h2windows_10_22h2windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows 10 Version 22H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35360
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.10% / 26.70%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35361
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.10% / 26.70%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:02
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-3397
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 0.85%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 19:05
Updated-20 Nov, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: slab-use-after-free write in txend due to race condition

A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-33110
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.61%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 05:38
Updated-21 May, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Out-of-range Pointer Offset in Audio

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_wear_2100_platformsnapdragon_8_gen_1_mobile_platformsnapdragon_850_mobile_compute_platform_firmwaresnapdragon_662_mobile_platform_firmwarewsa8830sxr2230p_firmwaresnapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwaresnapdragon_778g\+_5g_mobile_platformsnapdragon_870_5g_mobile_platform_firmwaresnapdragon_820_automotive_platform_firmwaresnapdragon_865_5g_mobile_platformsnapdragon_888_5g_mobile_platformvision_intelligence_100_platform_firmwarewcd9360_firmwaresnapdragon_wear_2100_platform_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresnapdragon_450_mobile_platform_firmwaresnapdragon_450_mobile_platformsnapdragon_427_mobile_platformsnapdragon_480_5g_mobile_platformsnapdragon_x70_modem-rf_systemsnapdragon_xr1_platform_firmwaresnapdragon_auto_4g_modem_firmwarewcd9370ssg2115psnapdragon_460_mobile_platform_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwarewcn3990_firmwarewcd9371_firmwarewcd9385_firmwarewcn3950wcd9326_firmwarewcn3615_firmwaresnapdragon_7c_gen_2_compute_platformwcn3660bsnapdragon_460_mobile_platformsnapdragon_660_mobile_platform_firmwarevision_intelligence_200_platformsnapdragon_435_mobile_platform_firmwaresnapdragon_429_mobile_platform_firmwaresnapdragon_695_5g_mobile_platform_firmwaresnapdragon_835_mobile_pc_platform_firmwaresnapdragon_778g_5g_mobile_platformsnapdragon_636_mobile_platformsnapdragon_x55_5g_modem-rf_systemsnapdragon_778g\+_5g_mobile_platform_firmwarewcd9375_firmwarewcn3615wcn3680b_firmwarewcn3999_firmwaresnapdragon_425_mobile_platformwcn3610_firmwaresnapdragon_429_mobile_platformsnapdragon_xr2\+_gen_1_platformsnapdragon_680_4g_mobile_platform_firmwarewcd9360snapdragon_782g_mobile_platform_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwarewcd9306snapdragon_auto_5g_modem-rf_firmwaresnapdragon_427_mobile_platform_firmwaresnapdragon_x65_5g_modem-rf_system_firmwaresnapdragon_821_mobile_platform_firmwaresnapdragon_870_5g_mobile_platformsnapdragon_x70_modem-rf_system_firmwarewcn3999snapdragon_x5_lte_modem_firmwaresnapdragon_439_mobile_platformsnapdragon_625_mobile_platformsnapdragon_wear_3100_platformvision_intelligence_300_platform_firmwaresnapdragon_765g_5g_mobile_platformwcn3988_firmwaresnapdragon_630_mobile_platformsnapdragon_678_mobile_platform_firmwarewcd9306_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_720g_mobile_platformsnapdragon_8cx_compute_platformsxr1120wcd9340snapdragon_626_mobile_platform_firmwaresnapdragon_820_mobile_platformwsa8810_firmwarevision_intelligence_200_platform_firmwaresnapdragon_780g_5g_mobile_platformsw5100vision_intelligence_400_platformsnapdragon_ar2_gen_1_platform_firmwarewcd9326wcd9335snapdragon_765_5g_mobile_platform_firmwaresnapdragon_690_5g_mobile_platformsnapdragon_888\+_5g_mobile_platformsnapdragon_wear_1300_platform_firmwarewcd9385sxr2130_firmwarewcd9341snapdragon_wear_2500_platformwcn3660_firmwarewcd9371snapdragon_x12_lte_modem_firmwaresnapdragon_x12_lte_modemsnapdragon_665_mobile_platform_firmwarewcn3910_firmwarewcd9375snapdragon_855_mobile_platform_firmwaresnapdragon_430_mobile_platformsnapdragon_712_mobile_platform_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsnapdragon_685_4g_mobile_platformsnapdragon_768g_5g_mobile_platform_firmwarewsa8830_firmwarewcn3620_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_636_mobile_platform_firmwaresnapdragon_685_4g_mobile_platform_firmwarewcn3620snapdragon_865_5g_mobile_platform_firmwaresxr1120_firmwaresnapdragon_7c_gen_2_compute_platform_firmwaresnapdragon_730_mobile_platform_firmwaresnapdragon_750g_5g_mobile_platform_firmwaresnapdragon_x5_lte_modemsnapdragon_675_mobile_platform_firmwaresnapdragon_855\+\/860_mobile_platform_firmwaresnapdragon_626_mobile_platformwcn3610snapdragon_845_mobile_platformwcd9380_firmwaresnapdragon_778g_5g_mobile_platform_firmwaressg2125pwcn3990sw5100psnapdragon_8cx_gen_2_5g_compute_platformwcd9330snapdragon_w5\+_gen_1_wearable_platformsnapdragon_835_mobile_pc_platformsnapdragon_670_mobile_platform_firmwaresnapdragon_8c_compute_platformwsa8835sxr1230p_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_auto_5g_modem-rfwcd9380snapdragon_782g_mobile_platformsnapdragon_wear_4100\+_platform_firmwaresnapdragon_678_mobile_platformsnapdragon_855\+\/860_mobile_platformssg2125p_firmwaresnapdragon_425_mobile_platform_firmwaresnapdragon_wear_4100\+_platformsxr2130snapdragon_430_mobile_platform_firmwaresxr1230pwcd9335_firmwarewcn3980snapdragon_732g_mobile_platform_firmwarewcd9340_firmwarewsa8815sxr2230psnapdragon_865\+_5g_mobile_platformwcn3910snapdragon_630_mobile_platform_firmwaresnapdragon_xr2_5g_platform_firmwaresnapdragon_439_mobile_platform_firmwaresnapdragon_435_mobile_platformwcn3660b_firmwarewcn3680snapdragon_665_mobile_platformsnapdragon_730g_mobile_platformsnapdragon_670_mobile_platformsnapdragon_821_mobile_platformvision_intelligence_300_platformsnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_xr2\+_gen_1_platform_firmwarewcd9330_firmwarewcn3980_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwaresnapdragon_710_mobile_platformsnapdragon_820_automotive_platformsnapdragon_x50_5g_modem-rf_system_firmwaresnapdragon_7c_compute_platform_firmwarewcn6740_firmwaresnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_480\+_5g_mobile_platformsnapdragon_8cx_compute_platform_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_845_mobile_platform_firmwarevision_intelligence_100_platformsnapdragon_xr2_5g_platformsnapdragon_632_mobile_platform_firmwaresnapdragon_x65_5g_modem-rf_systemsnapdragon_auto_4g_modemwcn3680_firmwarewsa8832_firmwaresnapdragon_xr1_platformsnapdragon_660_mobile_platformwcd9341_firmwarewsa8810snapdragon_765g_5g_mobile_platform_firmwaresnapdragon_x24_lte_modemwsa8832snapdragon_712_mobile_platformsnapdragon_8cx_gen_3_compute_platformsnapdragon_730g_mobile_platform_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_8_gen_1_mobile_platform_firmwaresw5100p_firmwaresnapdragon_ar2_gen_1_platformsnapdragon_730_mobile_platformsnapdragon_8c_compute_platform_firmwarewcn3680bsnapdragon_675_mobile_platformsnapdragon_wear_2500_platform_firmwarewcn6740snapdragon_750g_5g_mobile_platformsnapdragon_888\+_5g_mobile_platform_firmwaresnapdragon_732g_mobile_platformsnapdragon_710_mobile_platform_firmwarewcd9370_firmwaresnapdragon_x50_5g_modem-rf_systemsnapdragon_768g_5g_mobile_platformsnapdragon_765_5g_mobile_platformsnapdragon_695_5g_mobile_platformsnapdragon_820_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresnapdragon_wear_3100_platform_firmwaressg2115p_firmwaresw5100_firmwarewcn3660snapdragon_8cx_gen_2_5g_compute_platform_firmwaresnapdragon_wear_1300_platformsnapdragon_720g_mobile_platform_firmwaresnapdragon_7c_compute_platformsnapdragon_855_mobile_platformsnapdragon_632_mobile_platformsnapdragon_625_mobile_platform_firmwareSnapdragon
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-28142
Matching Score-4
Assigner-Qualys, Inc.
ShareView Details
Matching Score-4
Assigner-Qualys, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 15:51
Updated-03 Mar, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Race Condition

A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM level privileges on that asset to run arbitrary commands. At the time of this disclosure, versions before 4.0 are classified as End of Life.

Action-Not Available
Vendor-qualysQualys
Product-cloud_agentCloud Agent
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-20801
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 0.46%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8792mt8796mt6991androidmt6985mt6989mt8798mt6897mt6993mt6899mt6878MediaTek chipset
CWE ID-CWE-415
Double Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-28273
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.34% / 56.58%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Clip Service Elevation of Privilege Vulnerability

Windows Clip Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1809windows_server_2016windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 11 version 21H2Windows 10 Version 22H2Windows 10 Version 20H2Windows 11 version 22H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows 10 Version 21H2Windows Server 2019Windows 10 Version 1607Windows Server 2019 (Server Core installation)
CWE ID-CWE-591
Sensitive Data Storage in Improperly Locked Memory
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-28144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.08% / 23.57%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

Action-Not Available
Vendor-kdabn/a
Product-hotspotn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2010-5181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in VIPRE Antivirus Premium 4.0.3272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-gfin/aMicrosoft Corporation
Product-vipre_antiviruswindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2011-0699
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.05% / 14.30%
||
7 Day CHG~0.00%
Published-20 Feb, 2020 | 17:18
Updated-06 Aug, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelLinux kernel
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-21221
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.07% / 22.53%
||
7 Day CHG+0.03%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_24h2windows_11_25h2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2025Windows 11 Version 25H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2010-5169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7||HIGH
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-25 Aug, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in Online Armor Premium 4.0.0.35 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute

Action-Not Available
Vendor-emisoftn/aMicrosoft Corporation
Product-online_armorwindows_xpn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-1048
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.01% / 2.95%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 15:34
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxRed Hat, Inc.
Product-h300eh500senterprise_linuxh300s_firmwareh410c_firmwareh410sh300sh300e_firmwaredebian_linuxlinux_kernelh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwareh700eh410ch700e_firmwareh700skernel
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-20826
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.73%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_21h2windows_10_22h2windows_server_2022_23h2windows_server_2025windows_10_1809windows_server_2022windows_11_24h2windows_10_1607windows_server_2019windows_11_23h2windows_11_25h2Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows Server 2022Windows 10 Version 22H2Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2016Windows 10 Version 1607Windows 11 Version 23H2Windows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 1809
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-20830
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 10.77%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025Windows Server 2025 (Server Core installation)Windows Server 2025
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found