CWE-764: Multiple Locks of a Critical Resource

ID CWE-764

Abstraction Base

Structure Simple

Status Incomplete

Number of CVEs 1

The product locks a critical resource more times than intended, leading to an unexpected state in the system.

When a product is operating in a concurrent environment and repeatedly locks a critical resource, the consequences will vary based on the type of lock, the lock's implementation, and the resource being protected. In some situations such as with semaphores, the resources are pooled and extra locking calls will reduce the size of the total available pool, possibly leading to degraded performance or a denial of service. If this can be triggered by an attacker, it will be similar to an unrestricted lock (CWE-412). In the context of a binary lock, it is likely that any duplicate locking attempts will never succeed since the lock is already held and progress may not be possible.

Modes of Introduction

Phase	Note
Implementation

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-667	Improper Locking	Class	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-675	Multiple Operations on Resource in Single-Operation Context	Class	Simple	Draft
CWE-1305	CISQ Quality Measures (2020)	Incomplete	CWE-662	Improper Synchronization	Class	Simple	Draft
CWE-1340	CISQ Data Protection Measures	Incomplete	CWE-662	Improper Synchronization	Class	Simple	Draft

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date