{"@ID": "833", "@Name": "Deadlock", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.", "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "667", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "662", "@View_ID": "1305", "@Ordinal": "Primary"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Resultant"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": "Availability", "Impact": ["DoS: Resource Consumption (CPU)", "DoS: Resource Consumption (Other)", "DoS: Crash, Exit, or Restart"], "Note": "Each thread of execution will \"hang\" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)", "Effectiveness": "High"}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-1999-1476", "Description": "A bug in some Intel Pentium processors allow DoS (hang) via an invalid \"CMPXCHG8B\" instruction, causing a deadlock", "Link": "https://www.cve.org/CVERecord?id=CVE-1999-1476"}, {"Reference": "CVE-2009-2857", "Description": "OS deadlock", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-2857"}, {"Reference": "CVE-2009-1961", "Description": "OS deadlock involving 3 separate functions", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-1961"}, {"Reference": "CVE-2009-2699", "Description": "deadlock in library", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-2699"}, {"Reference": "CVE-2009-4272", "Description": "deadlock triggered by packets that force collisions in a routing table", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-4272"}, {"Reference": "CVE-2002-1850", "Description": "read/write deadlock between web server and script", "Link": "https://www.cve.org/CVERecord?id=CVE-2002-1850"}, {"Reference": "CVE-2004-0174", "Description": "web server deadlock involving multiple listening connections", "Link": "https://www.cve.org/CVERecord?id=CVE-2004-0174"}, {"Reference": "CVE-2009-1388", "Description": "multiple simultaneous calls to the same function trigger deadlock.", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-1388"}, {"Reference": "CVE-2006-5158", "Description": "chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-5158"}, {"Reference": "CVE-2006-4342", "Description": "deadlock when an operation is performed on a resource while it is being removed.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-4342"}, {"Reference": "CVE-2006-2374", "Description": "Deadlock in device driver triggered by using file handle of a related device.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2374"}, {"Reference": "CVE-2006-2275", "Description": "Deadlock when large number of small messages cannot be processed quickly enough.", "Link": "https://www.cve.org/CVERecord?id=CVE-2006-2275"}, {"Reference": "CVE-2005-3847", "Description": "OS kernel has deadlock triggered by a signal during a core dump.", "Link": "https://www.cve.org/CVERecord?id=CVE-2005-3847"}, {"Reference": "CVE-2005-3106", "Description": "Race condition leads to deadlock.", "Link": "https://www.cve.org/CVERecord?id=CVE-2005-3106"}, {"Reference": "CVE-2005-2456", "Description": "Chain: array index error (CWE-129) leads to deadlock (CWE-833)", "Link": "https://www.cve.org/CVERecord?id=CVE-2005-2456"}]}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "The CERT Oracle Secure Coding Standard for Java (2011)", "Entry_ID": "LCK08-J", "Entry_Name": "Ensure actively held locks are released on exceptional conditions"}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "25"}}, "References": {"Reference": [{"@External_Reference_ID": "REF-62", "@Section": "Chapter 13, \"Synchronization Problems\", section \"Starvation and Deadlocks\", Page 760"}, {"@External_Reference_ID": "REF-783", "@Section": "Chapter 7, \"Concurrency\", section \"Mutual Exclusion and Deadlock\", Page 248"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2010-12-12", "Submission_Version": "1.11", "Submission_ReleaseDate": "2010-12-13"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-05-03", "Modification_Version": "2.11", "Modification_ReleaseDate": "2017-05-05", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2018-03-27", "Modification_Version": "3.1", "Modification_ReleaseDate": "2018-03-27", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-07-20", "Modification_Version": "4.5", "Modification_ReleaseDate": "2021-07-20", "Modification_Comment": "updated Observed_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Detection_Factors, Time_of_Introduction, Weakness_Ordinalities"}]}}
