Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-34349

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-11 Aug, 2023 | 02:37
Updated At-01 Oct, 2024 | 20:47
Rejected At-
Credits

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:11 Aug, 2023 | 02:37
Updated At:01 Oct, 2024 | 20:47
Rejected At:
▼CVE Numbering Authority (CNA)

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
Intel(R) NUC BIOS firmware
Default Status
unaffected
Versions
Affected
  • See references
Problem Types
TypeCWE IDDescription
N/AN/Aescalation of privilege
CWECWE-421Race condition
Type: N/A
CWE ID: N/A
Description: escalation of privilege
Type: CWE
CWE ID: CWE-421
Description: Race condition
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
N/A
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
x_transferred
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:11 Aug, 2023 | 03:15
Updated At:07 Nov, 2023 | 04:15

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.14.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
CPE Matches
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnh_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnh_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnh>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnh:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhf_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhf_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhf>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhf:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhfa_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhfa_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhfa>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhfa:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhja_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhja_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhja>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhja:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnhn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnhn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnk_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnk_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnk>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnk:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnkn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnkn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i3fnkn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i3fnkn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnh_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnh_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnh>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnh:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhca_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhca_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhca>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhca:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhf_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhf_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhf>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhf:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhja_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhja_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhja>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhja:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhj_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhj_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhj>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhj:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnhn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnhn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnk_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnk_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnk>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnk:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkpa_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkpa_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkpa>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkpa:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkp_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkp_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i5fnkp>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i5fnkp:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnh_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnh_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnh>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnh:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhaa_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhaa_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhaa>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhaa:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhc_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhc_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhc>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhc:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhja_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhja_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhja>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhja:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnhn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnhn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnk_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnk_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnk>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnk:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnkn_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnkn_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnkn>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnkn:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnkp_firmware>>-
cpe:2.3:o:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnkp_firmware:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>nuc_performance_kit_and_mini_pc_nuc10i7fnkp>>-
cpe:2.3:h:intel:nuc_performance_kit_and_mini_pc_nuc10i7fnkp:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-362Primarynvd@nist.gov
CWE-421Secondarysecure@intel.com
CWE ID: CWE-362
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-421
Type: Secondary
Source: secure@intel.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.htmlsecure@intel.com
Patch
Vendor Advisory
Hyperlink: http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00917.html
Source: secure@intel.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

84Records found
CVE-2021-39712
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-39642
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195731663References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-39735
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.38%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-11151
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 7.18%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580wsa8830qln5030qbt1500pmi632qpa5581qdm2307qfs2530qpa8802pm6125qat3519qcs4290qet6100pmm855ausdr660gpm8150aqtc800hqdm5670qpa8686pm7150lqpa8821pm7150asmb1396wcd9370qdm5671sdr425qca6426qat3518wcn3998wcn3950qat5516wcn3660bqdm5620sd662pm3003asa8155qdm5652sd6905gqat5533qca6595auqpm5679qbt2000qpm8870pm6150asmb1354qca6584auqdm2305qpm8820pm8150bqsm7250pm8250pmx55qat3522pmr735aqca6421qdm3301sa8195pqpm5677qat5515sd765gqca6436sdr660wcn6851sa6155pqpa6560sdr865wcd9385wcd9341qca6431qln5020sd750gqca6390wcd9375qpa8673sa8150ppm6350pmm8195auqdm2310qdm5621qln4642sda429wqdm5650wcn3988wtr3925wcn3620smb1390pm6150lwcn3610qet6110qln5040qpm8895qpm6585qtc410sqpm5670wcn3991smb1355qln4650qpa8801wgr7640qet5100qca6595qpm8830sdxr25gpm6150qat5522wsa8835pm7250bpm8150cpmr735bqpa8842wcd9380qpa4360qca6574asdr735pm7250smb1395smr525qpa8803smr526wcn3980pmk8003wcn6750pmr525qdm2301qpm4650qtm525wsa8815wcn6850sd665sd765pm640pqat3555pm8009sd460qca6391sdx55mpm8008qsw8574qcm4290pm640aqtc801ssd8655gqca6574auqpm5621qpm6582wsa8810pm8150lqdm2308qat3550qdm5677qdm5679sdr8250sd768gwtr2965qca6696qpa2625pm640lpmk8002sdx55sd675qet4101qat3516sm7250pqpm5658qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35645
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.89%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 18:40
Updated-18 Sep, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-11152
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.14%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2550qfe4465fcsdr051pm660qbt1500qca8337pmi632csra6620qtc800hmsm8917apq8076qca9377wcn3998whs9410wcn3950qpa5460wtr2955wcn3660bqfe4320smb1380qfe4308apq8037wcn3615qbt2000msm8909wpm855pqca6420wcd9360qtc800tpm8940wcd9306qca6584auqca6310pm8937qfe2081fcwcn3999pm855sdm630msm8976sgqcc1110qca6430qcs405qat3522qfe2101qfe4455fcsmb1360wcd9340pm8953smb231qfe3440fcqat3514sdr660wcd9326wcd9335msm8937apq8052smb1358wcd9341pm439pmi8952aqt1000msm8956msm8976qtc800smsm8952apq8056sd660sd712wtr3925pmi8937pm8998qfe2080fcsdr052sdw3100smb1390wcn3620msm8916apq8017qca6564apmx24sd450qet4100wcn3610wcn3990smb1355wcd9330wgr7640sd636qet5100qca6564ausdx24msm8996aupmm8996aurgr7640auqln1035bdqpa4360pm855asmb1381qca6574aqca6174apm660lwtr4905wtr5975wcn3980qsw8573qcs605sd855wsa8815sd8cxqbt1000qfe4305qca6320qfe4309sd835smb1351pm670aqfe4373fcqfe2082fcmsm8920msm8953pmi8998pm660aqpa4340sdx50msdr8150pm855lpm8916qcs603qtc801srsw8577pmd9655qfe4302qca6574ausd710apq8009wqfe4303wsa8810pm670qat3550pmx50pm8005wcn3680bapq8096auar8031wtr2965qfe4301pm8004qet5100mmsm8940apq8053sdw2500csra6640sd439qet4101pm8952pm670lsdm830pm855bpm8956Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-2189
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 0.91%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:21
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20685
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8891androidmt6789mt8798mt6983mt8673mt8795tmt6895mt6855mt8781mt6879MT6789, MT6855, MT6879, MT6895, MT6983, MT8673, MT8781, MT8795T, MT8798, MT8891
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20684
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8891androidmt6789mt8798mt6983mt8673mt8795tmt6895mt6855mt8781mt6879MT6789, MT6855, MT6879, MT6895, MT6983, MT8673, MT8781, MT8795T, MT8798, MT8891
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20834
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.44%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-21 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6895mt6985mt8175mt8188androidmt6886mt6983mt8195mt8365mt8781mt6879MT6879, MT6886, MT6895, MT6983, MT6985, MT8175, MT8188, MT8195, MT8365, MT8781mt8781
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20801
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-07 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6895mt8188androidmt8395mt6983yoctomt8195mt8781mt6879MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781mt6879mt6895mt8188mt8395mt6983mt8781mt8195
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-3573
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 6.30%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelfedorakernel
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-0268
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 15:02
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-9450
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.38%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:48
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-0066
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:02
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-0305
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 10.49%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 19:59
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744

Action-Not Available
Vendor-n/aopenSUSEGoogle LLC
Product-androidleapAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-0126
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.30%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 14:43
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-0045
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 5.46%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 20:01
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141243101

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-9375
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 0.68%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hostapd, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129344244

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2019-9271
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.55%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:45
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20687
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-androidmt6983mt6895mt8781mt6879MT6879, MT6895, MT6983, MT8781
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20736
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.27%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 12:11
Updated-07 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vcu, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645189.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6873mt6893mt6833mt8395mt6885yoctomt6877mt6781mt8365mt6891mt6883mt6853iot-yoctomt6853tmt8168mt6789androidmt6769mt6875mt6889mt6768mt6779mt6785MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8365, MT8395
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20827
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.10%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-10 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6879mt6873mt6893mt6886mt8791tmt6983mt6891mt6883mt6853tmt6835mt6769mt6761mt6875mt6889mt8797mt6768mt6985mt6771mt6833mt6885mt8673mt6877mt6762mt6781mt6853mt6895mt6789androidmt6779mt6785mt6763MT6761, MT6762, MT6763, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8673, MT8791T, MT8797mt6855mt6873mt6893mt6763mt6886mt8791tmt6983mt6891mt6883mt6853tmt6835mt6769mt6761mt6875mt6889mt8797mt6768mt6985mt6771mt6833mt6885mt8673mt6877mt6762mt6781mt6853mt6895mt6789androidmt6779mt6785mt6879
CWE ID-CWE-1298
Hardware Logic Contains Race Conditions
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20771
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.27%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 01:44
Updated-04 Dec, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8168mt6771androidmt6739mt6580mt6761mt6768mt6779mt6785mt8781mt6765MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT8168, MT8781
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20686
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 0.50%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-androidmt6983mt6895mt8781mt6879MT6879, MT6895, MT6983, MT8781
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-20835
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.44%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-21 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6895mt8188androidmt8395mt6983iot_yoctoyoctomt8781mt8195MT6895, MT6983, MT8188, MT8195, MT8395, MT8781mt8781
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-42832
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osmacOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-42831
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-01 Nov, 2022 | 00:00
Updated-21 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-ipadosmacosiphone_osmacOS
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-41086
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 13.24%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Group Policy Elevation of Privilege Vulnerability

Windows Group Policy Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-30313
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 11:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwareqcs610ipq4028_firmwareqcn5550qca8337ar9380ipq8173_firmwaresdx65qcn5124qca4024_firmwarewcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qcn5064csra6620_firmwareqcs605_firmwarecsra6640_firmwareqca9987_firmwarewcn3998wcn3950qcn6024_firmwareipq8076asd_8_gen1_5g_firmwaresm6375_firmwarewcn3660bsd460_firmwaresm7315_firmwareqca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwareqca6438_firmwareqca9986ipq8070_firmwareipq8065ipq8078a_firmwarewcn3999qrb5165_firmwareipq5028qca7500ipq8072_firmwareipq4029_firmwaresa8155_firmwareipq6010sd662_firmwareipq8068qcs405wcd9340sd765gqualcomm215_firmwareqca6436wcn6851sa6155pqcs603_firmwareqca9888_firmwareqcn6122wcd9341ipq8068_firmwareqca6696_firmwaresd870_firmwareqca9988_firmwareqcn5154_firmwarewcn3910_firmwaresa8150pwsa8830_firmwareqca9992_firmwaresd865_5g_firmwarewcn3988qca6438sa8195p_firmwaresm8475qcn5022_firmwarewcn6750_firmwareqca9898ipq4028wcn3610qca6428_firmwareipq5018_firmwaresm6375qca9985_firmwarewcn3991ipq4018_firmwareqca8337_firmwaresda429w_firmwarewcd9380_firmwareipq8072aqca7500_firmwareqca9980_firmwareipq8076a_firmwareipq8078qca6564ausdx55m_firmwareipq8173wcn6856_firmwareqcn5164qca9558qca6574csr8811_firmwarewcd9380qualcomm215qcn5054_firmwareqcs410qcn5024ipq4019_firmwareqca8072_firmwareqca9985qcn9012_firmwarewcd9335_firmwareqcn5052_firmwarewcn3980ipq6018_firmwareqcs605wcd9340_firmwarewsa8815wcn6850pmp8074_firmwarewcn3910qca6320qca9986_firmwareqca6426_firmwarewcn3660b_firmwareqca9984ipq6028ipq8064qcn9024pmp8074wcn3980_firmwareqcn5550_firmwaresdx55mipq8064_firmwarewcn6740_firmwareqcn5064_firmwarear8031_firmwareipq8078_firmwareqcn5054qrb5165wcn6851_firmwareqcs603ipq8070qcn5502qca9994qca9980qcn9024_firmwareipq8174_firmwareqca6564a_firmwareqca9880qcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwareqsm8250sa6145pipq6018qca9886_firmwarear8031apq8096auqcs405_firmwaresa8145pqca6391_firmwareqca4024wcd9370_firmwaresd780g_firmwaresdx55sd888_firmwareqcn5021_firmwaresa8155pcsra6640qca9531_firmwarear8035_firmwareqcm2290qsm8250_firmwareqcn5024_firmwarewcn3991_firmwaremdm9150_firmwarewsa8830qcn9070sa8145p_firmwareqcs2290_firmwareqca9563_firmwarecsra6620qca9987qcn9072qca9880_firmwareqca9992qcs4290sd765g_firmwareipq8069_firmwareqca6390_firmwareipq6000wcd9370ipq8072qcn5152_firmwareqca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareqca9984_firmwareqca9377ipq5018wcd9385_firmwaresdxr2_5g_firmwareqca9563ipq8074asd662qcn5124_firmwaresa8155qca6320_firmwareqcn5122_firmwaresdx55_firmwareqca6595auqcn6023_firmwarewcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwaresd778gsa6155p_firmwaresm6225ipq8174qca9990qcs6490sdxr2_5gqcn5052wcn3988_firmwareqcn9074sd205sa6145p_firmwaresd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9335qca8081qcn6023ipq8071aqca6174a_firmwareipq8071a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390qca9898_firmwarewcd9375ar8035csr8811ipq4019qcn9100_firmwaresda429wsd210wcn3620_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewsa8815_firmwareqcm6490wcn6850_firmwarewsa8835_firmwarewcn3620qca6564aqca9988qca8072qcm2290_firmwarewcn3990qcn9000sd780gsd865_5gar9380_firmwareqcn9012sd888qca9558_firmwareqcn6122_firmwareipq8065_firmwarewsa8835sd665_firmwaresd888_5gqcn5154qca8075_firmwareipq4018qca6574awcn6855_firmwareqca9889qca6174asm7325pqca9888ipq8074qca9994_firmwarewcn6750ipq8070a_firmwareipq8076_firmwareqca6574_firmwareqca9886qcn5502_firmwaresm7325p_firmwaresd665ipq8076sd765qca6574a_firmwareqcn5021ipq8069qcn5152sd768g_firmwaresm7315sd460qca6391qcn9100sdx65_firmwareqcm4290qcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaresm6225_firmwareqca9531ipq8074_firmwareqca6574auqca9889_firmwaresa8155p_firmwareqcn5122sd205_firmwarewcd9341_firmwarewsa8810mdm9150wcn6856qcn5022sd768gipq6010_firmwarewcn6740qca6696sa6150pqca8075qcn9022_firmwareapq8096au_firmwareqcn6024qcn9022qca9990_firmwareipq8070aqcn9072_firmwaresm7250pipq6000_firmwaresdx12ipq8071_firmwareqcs410_firmwareqcn9074_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-25395
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.28% / 50.64%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-20||Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

Action-Not Available
Vendor-SamsungSamsung ElectronicsGoogle LLC
Product-androidSamsung Mobile Devices Mobile Devices
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-25394
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.93% / 75.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-20||Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

Action-Not Available
Vendor-SamsungSamsung ElectronicsGoogle LLC
Product-androidSamsung Mobile Devices Mobile Devices
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-20261
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 7.83%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 20:10
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelkernel
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-0564
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.50%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 10:59
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • Previous
  • 1
  • 2
  • Next
Details not found