CWE - CWE-765: Multiple Unlocks of a Critical Resource (2.1)

Home > CWE List > CWE- Individual Dictionary Definition (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-765: Multiple Unlocks of a Critical Resource

Multiple Unlocks of a Critical Resource

Weakness ID: 765 (Weakness Variant)

Status: Incomplete

Description

Description Summary

The software unlocks a critical resource more times than intended, leading to an unexpected state in the system.

Extended Description

When software is operating in a concurrent environment and repeatedly unlocks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra calls to unlock will increase the count for the number of available resources, likely resulting in a crash or unpredictable behavior when the system nears capacity.

Time of Introduction

Implementation

Common Consequences

Scope	Effect
Availability Integrity	Technical Impact: DoS: crash / exit / restart; Modify memory; Unexpected state

Observed Examples

Reference	Description
CVE-2009-0935	Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice

Potential Mitigations

Phase: Implementation

When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Base	667	Improper Locking	Development Concepts (primary)699 Research Concepts (primary)1000
ChildOf	Weakness Class	675	Duplicate Operations on Resource	Research Concepts1000

Maintenance Notes

An alternate way to think about this weakness is as an imbalance between the number of locks / unlocks in the control flow. Over the course of execution, if each lock call is not followed by a subsequent call to unlock in a reasonable amount of time, then system performance may be degraded or at least operating at less than peak levels if there is competition for the locks. This entry may need to be modified to reflect these concepts in the future.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2009-03-03			Internal CWE Team
2009-03-03
Modifications
Modification Date	Modifier	Organization	Source
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences
2011-06-27	CWE Content Team	MITRE	Internal
2011-06-27	updated Common_Consequences

Page Last Updated: September 12, 2011


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us