CWE-667: Improper Locking — known CVE vulnerabilities
CVEs classified under CWE-667 (Improper Locking), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2020-12658 — CVSS 9.8 (critical): gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream…
CVE-2019-5886 — CVSS 9.8 (critical): An issue was discovered in ShopXO 1.2.0. In the application\install\controller\Index.php file, there is no validation lock file in the Add…
CVE-2026-43215 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We used to use the…
CVE-2026-31629 — CVSS 8.8 (high): In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In…
CVE-2020-15674 — CVSS 8.8 (high): Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we…
CVE-2021-1622 — CVSS 8.6 (high): A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow…
CVE-2020-24606 — CVSS 8.6 (high): Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during…
CVE-2018-0228 — CVSS 8.6 (high): A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated…
CVE-2020-11284 — CVSS 8.4 (high): Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region…
CVE-2024-58087 — CVSS 8.1 (high): In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the…
CVE-2023-32258 — CVSS 8.1 (high): A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of…
CVE-2023-32257 — CVSS 8.1 (high): A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of…
CVE-2026-46112 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out…
CVE-2026-43211 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI…
CVE-2026-31667 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep…
CVE-2026-23103 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per…
CVE-2022-50518 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: parisc: Fix locking in pdc_iodc_print() firmware call Utilize pdc_lock…
CVE-2018-9344 — CVSS 7.8 (high): In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local…
CVE-2024-44951 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is…
CVE-2024-38664 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the…
CVE-2021-47242 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lookup in subflow_error_report() Maxim reported a soft…
CVE-2024-27021 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding…
CVE-2024-26934 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the…
CVE-2024-26933 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and…
CVE-2023-52524 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list…
CVE-2023-3781 — CVSS 7.8 (high): there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional…
CVE-2023-2007 — CVSS 7.8 (high): The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations…
CVE-2023-21000 — CVSS 7.8 (high): In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no…
CVE-2023-20939 — CVSS 7.8 (high): In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead…
CVE-2022-32811 — CVSS 7.8 (high): A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8…
CVE-2021-39640 — CVSS 7.8 (high): In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation…
CVE-2021-0529 — CVSS 7.8 (high): In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of…
CVE-2019-8829 — CVSS 7.8 (high): A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update…
CVE-2020-0420 — CVSS 7.8 (high): In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to…
CVE-2020-15529 — CVSS 7.8 (high): An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a…
CVE-2010-4210 — CVSS 7.8 (high): The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which…
CVE-2002-0051 — CVSS 7.8 (high): Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read…
CVE-2026-53180 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix livelock in tmigr_handle_remote_up()…
CVE-2026-46031 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the…
CVE-2026-43296 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ…
CVE-2026-43253 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the…
CVE-2026-43029 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup…
CVE-2026-31598 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock between unlink and dio_end_io_write…
CVE-2026-31467 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion…
CVE-2026-23419 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot…
CVE-2026-21914 — CVSS 7.5 (high): An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based…
CVE-2023-44119 — CVSS 7.5 (high): Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-38505 — CVSS 7.5 (high): DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a…