Deadlock
ID: 833 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
The software contains multiple threads or executable segments
that are waiting for each other to release a necessary lock, resulting in
deadlock.
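Added example (not part of the original entry): two threads that need the same two locks but request them in opposite orders, next to the same workload with one global lock order. The names run_pair, worker, "a", "b", "t1" and "t2" are hypothetical, and a timed acquire stands in for a plain acquire() so the hang is reported instead of lasting forever.

```python
import threading

def run_pair(ordered, timeout=0.3):
    """Two workers need locks "a" and "b" but ask for them in opposite orders.

    Returns {worker: True if it obtained both locks}. With a plain acquire()
    the unordered case would never return; the timeout makes it observable.
    """
    locks = {"a": threading.Lock(), "b": threading.Lock()}
    sync = threading.Barrier(2)
    results = {}

    def worker(name, wanted):
        # Mitigation: every thread takes locks in one global order (by name).
        names = sorted(wanted) if ordered else list(wanted)
        first, second = locks[names[0]], locks[names[1]]
        if ordered:
            sync.wait()                  # start together, then contend normally
        with first:                      # 'with' also releases on exceptions
            if not ordered:
                sync.wait()              # each worker now holds exactly one lock
            got = second.acquire(timeout=timeout)
            if got:
                second.release()
            if not ordered:
                sync.wait()              # keep 'first' until the peer gave up too
        results[name] = got

    threads = [
        threading.Thread(target=worker, args=("t1", ("a", "b"))),
        threading.Thread(target=worker, args=("t2", ("b", "a"))),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


if __name__ == "__main__":
    print("opposite order:", run_pair(ordered=False))
    print("global order:  ", run_pair(ordered=True))
```

In the opposite-order run each worker holds the lock the other is waiting for, so neither second acquisition can succeed; with a global order the worker that wins the first lock always finds the second one free.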
Applicable Platforms
None
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: resource consumption (CPU); DoS: resource consumption (other); DoS: crash / exit / restart | Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop. |
Detection Methods
None
Potential Mitigations
None
Relationships
Related CWE | Type | View | Chain |
---|
CWE-833 ChildOf CWE-853 | Category | CWE-844 | |
Demonstrative Examples
None
Observed Examples
- CVE-2009-2857 : OS deadlock
- CVE-2009-1961 : OS deadlock involving 3 separate functions
- CVE-2009-2699 : deadlock in library
- CVE-2009-4272 : deadlock triggered by packets that force collisions in a routing table
- CVE-2002-1850 : read/write deadlock between web server and script
- CVE-2004-0174 : web server deadlock involving multiple listening connections
- CVE-2009-1388 : multiple simultaneous calls to the same function trigger deadlock.
- CVE-2006-5158 : chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
- CVE-2006-4342 : deadlock when an operation is performed on a resource while it is being removed.
- CVE-2006-2374 : Deadlock in device driver triggered by using file handle of a related device.
- CVE-2006-2275 : Deadlock when large number of small messages cannot be processed quickly enough.
- CVE-2005-3847 : OS kernel has deadlock triggered by a signal during a core dump.
- CVE-2005-3106 : Race condition leads to deadlock.
- CVE-2005-2456 : Chain: array index error (CWE-129) leads to deadlock (CWE-833)
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
CERT Java Secure Coding | LCK08-J | Ensure actively held locks are released on exceptional conditions | |
References:
- Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley. Section: 'Chapter 13, "Synchronization Problems" / "Starvation and Deadlocks", Page 760'. Published in 2006.
- Mark Dowd, John McDonald, Justin Schuh. The Art of Software Security Assessment, 1st Edition. Addison Wesley. Section: 'Chapter 13, "Starvation and Deadlocks", Page 760'. Published in 2006.
- Robert C. Seacord. Secure Coding in C and C++. Addison Wesley. Section: 'Chapter 7, "Concurrency", section "Mutual Exclusion and Deadlock", Page 248'. Published in 2006.