The software locks a critical resource more times than intended, leading to an unexpected state in the system.
When software is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.
When locking and unlocking a resource, try to be sure that all control
paths through the code in which the resource is locked one or more times
correspond to exactly as many unlocks. If the software acquires a lock
and then determines it is not able to perform its intended behavior, be
sure to release the lock(s) before waiting for conditions to improve.
Reacquire the lock(s) before trying again.
An alternate way to think about this weakness is as an imbalance between
the number of locks / unlocks in the control flow. Over the course of
execution, if each lock call is not followed by a subsequent call to unlock
in a reasonable amount of time, then system performance may be degraded or
at least operating at less than peak levels if there is competition for the
locks. This entry may need to be modified to reflect these concepts in the