CWE-662 (Improper Synchronization) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-39865 | 2026-04-08 | Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malic… |
| CVE-2026-28789 | 2026-03-05 | OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurre… |
| CVE-2025-22853 | 2025-08-12 | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-58131 | 2025-04-06 | FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time valu… |
| CVE-2025-27104 | 2025-02-21 | vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multi… |
| CVE-2024-7409 | 2024-08-05 | A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server i… |
| CVE-2024-32644 | 2024-04-19 | Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibi… |
| CVE-2024-30387 | 2024-04-12 | A Missing Synchronization vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on ACX5448 and ACX710 allows an unauthenticated, adjacent attacker to cause a Denial-of-Servi… |
| CVE-2021-46939 | 2024-02-27 | In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would c… |
| CVE-2023-45084 | 2023-12-05 | An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives d… |
| CVE-2023-5088 | 2023-11-03 | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for… |
| CVE-2023-2801 | 2023-06-06 | Grafana is an open-source platform for monitoring and observability. Using public dashboards users can query multiple distinct data sources using mixed queries. However such query has a possibility … |
| CVE-2023-20625 | 2023-03-07 | In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitat… |
| CVE-2023-20611 | 2023-02-06 | In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit… |
| CVE-2023-20610 | 2023-02-06 | In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed … |
| CVE-2023-20607 | 2023-02-06 | In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl… |
| CVE-2022-32643 | 2023-02-06 | In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit… |
| CVE-2022-32642 | 2023-02-06 | In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl… |
| CVE-2022-23005 | 2023-01-23 | Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UF… |
| CVE-2022-32648 | 2023-01-03 | In disp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | 1.0 | — | updated Potential_Mitigations, Time_of_Introduction |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Relationships |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Relationships |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Related_Attack_Patterns |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Relationships |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Name, Relationships |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Description, Relationships, Taxonomy_Mappings |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2013-07-17 | CWE Content Team | 2.5 | — | updated Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Type |
| 2019-09-23 | CWE Content Team | 3.4.1 | — | updated Description, Maintenance_Notes, Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Description, Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Demonstrative_Examples, Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Description, Detection_Factors, Relationships, Weakness_Ordinalities |
| 2026-04-30 | CWE Content Team | 4.20 | — | updated Maintenance_Notes, Research_Gaps |