Base · Draft

CWE-368: Context Switching Race Condition

Category: logic

Description

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. This is commonly seen in web browser vulnerabilities in which the attacker can perform certain actions while the browser is transitioning from a trusted to an untrusted domain, or vice versa, and the browser performs the actions on one domain using the trust level and resources of the other domain.

Common consequences · 1

  • Integrity / Confidentiality — Modify Application Data, Read Application Data

Related CAPEC attack patterns · 2

CAPEC-26, CAPEC-29

References

  1. https://cwe.mitre.org/data/definitions/368.html

Exploits (incoming) · 2

Type | Target | Confidence | Tier
AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live
AttackPattern | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions (capec-29) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Privilege Context Switching Error
  • CWE: Race Condition During Access to Alternate Channel
  • CWE: Race Condition within a Thread
  • CWE: Race Condition Enabling Link Following
  • CWE: Hardware Logic Contains Race Conditions
  • CWE: Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.