Class · Draft

CWE-667: Improper Locking

Category: other

Description

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Common consequences · 1

  • Availability — DoS: Resource Consumption (CPU)
    Inconsistent locking discipline can lead to deadlock.

Potential mitigations · 1

  • [Implementation] Use industry-standard APIs to implement the locking mechanism.

Related CAPEC attack patterns · 3

CAPEC-25, CAPEC-26, CAPEC-27

References

  1. https://cwe.mitre.org/data/definitions/667.html

Exploits (incoming) · 3

Type | Target | Confidence | Tier
AttackPattern | Forced Deadlock (capec-25) | 100% | live
AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live
AttackPattern | Leveraging Race Conditions via Symbolic Links (capec-27) | 100% | live

(incoming) · 5

Type | Target | Confidence | Tier
Vulnerability | Apple Multiple Products Improper Locking Vulnerability (cve-2025-43510) | 0% | live
Vulnerability | CVE-2026-31629 (cve-2026-31629) | 0% | live
Vulnerability | CVE-2026-43215 (cve-2026-43215) | 0% | live
KEVEntry | Apple Multiple Products Race Condition Vulnerability (kev-cve-2021-1782) | 0% | live
KEVEntry | Apple Multiple Products Improper Locking Vulnerability (kev-cve-2025-43510) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Resource Locking
  • CWE: Missing Lock Check
  • CWE: Incorrect Synchronization
  • CWE: Improper Synchronization
  • CWE: Improper Resource Shutdown or Release
  • CWE: Missing Synchronization

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.