Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-368:Context Switching Race Condition
Weakness ID:368
Version:v4.17
Weakness Name:Context Switching Race Condition
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
5Vulnerabilities found
CVE-2024-34731
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.7||HIGH
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 21:56
Updated-17 Dec, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-368
Context Switching Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-21806
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.00% / 82.89%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 17:40
Updated-15 Apr, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.

Action-Not Available
Vendor-ankerAnker
Product-eufy_homebase_2_firmwareeufy_homebase_2Eufy Homebase 2
CWE ID-CWE-368
Context Switching Race Condition
CWE ID-CWE-416
Use After Free
CVE-2021-32025
Assigner-BlackBerry
ShareView Details
Assigner-BlackBerry
CVSS Score-8.1||HIGH
EPSS-0.03% / 8.25%
||
7 Day CHG-0.01%
Published-09 Mar, 2022 | 20:37
Updated-22 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.

Action-Not Available
Vendor-BlackBerry Limited
Product-qnx_os_for_medicalqnx_os_for_safetyqnx_momenticsqnx_software_development_platformQNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)
CWE ID-CWE-368
Context Switching Race Condition
CVE-2021-21941
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-1.80% / 82.04%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 13:35
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.

Action-Not Available
Vendor-ankern/a
Product-eufy_homebase_2_firmwareeufy_homebase_2Anker
CWE ID-CWE-368
Context Switching Race Condition
CWE ID-CWE-416
Use After Free
CVE-2020-8834
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 22:10
Updated-16 Sep, 2024 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode") The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit: 6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()") 7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm") 009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file")

Action-Not Available
Vendor-Linux kernelIBM CorporationopenSUSELinux Kernel Organization, IncCanonical Ltd.
Product-ubuntu_linuxlinux_kernelpower8leapLinux kernel
CWE ID-CWE-368
Context Switching Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')