Common Weakness Enumeration

CWE-362

Allowed-with-Review

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Abstraction: Class · Status: Draft

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

2900 vulnerabilities reference this CWE, most recent first.

GHSA-V988-C4MF-M38H

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31
VLAI
Details

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-50169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T18:15:35Z",
    "severity": "HIGH"
  },
  "details": "Concurrent execution using shared resource with improper synchronization (\u0027race condition\u0027) in Windows SMB allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-v988-c4mf-m38h",
  "modified": "2025-08-12T18:31:31Z",
  "published": "2025-08-12T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50169"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-50169"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V98W-RC85-GP5V

Vulnerability from github – Published: 2024-03-08 03:31 – Updated: 2026-04-02 21:31
VLAI
Details

A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-08T02:15:47Z",
    "severity": "HIGH"
  },
  "details": "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.",
  "id": "GHSA-v98w-rc85-gp5v",
  "modified": "2026-04-02T21:31:37Z",
  "published": "2024-03-08T03:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23235"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120880"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120881"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120882"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120883"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120893"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120895"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214081"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214082"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214086"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214087"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214088"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214082"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214084"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214087"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214088"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9GJ-JV4F-PMR6

Vulnerability from github – Published: 2023-03-14 18:30 – Updated: 2023-03-14 18:30
VLAI
Details

Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-23393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-14T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability",
  "id": "GHSA-v9gj-jv4f-pmr6",
  "modified": "2023-03-14T18:30:18Z",
  "published": "2023-03-14T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23393"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23393"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9VM-9353-CG37

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45603"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362",
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:28Z",
    "severity": "HIGH"
  },
  "details": "Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-v9vm-9353-cg37",
  "modified": "2026-06-09T18:30:52Z",
  "published": "2026-06-09T18:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45603"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45603"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9W2-543F-H69M

Vulnerability from github – Published: 2023-11-14 20:28 – Updated: 2023-11-14 21:37
VLAI
Summary
Fabric vulnerable to crosslinking transaction attack
Details

Short summary

Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules.

In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer.

Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a "cross-linked block" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block.

Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks.

Impact

In V1 and V2, we only have a crash fault tolerant orderer and as such, the security model Fabric operates in is that the orderer is honest, but peers may be malicious. As such, a peer that replicates a block from a malicious peer can have a state fork.

In V3 which we did not a release a GA yet (only a preview), we have a byzantine fault tolerant orderering service, so the security model that Fabric operates in such a case includes malicious orderers. If the orderer is malicious, it can cause state forks for peers, and can infect non-malicious orderers with cross-linked blocks.

Long summary

In order to create a signature on a big chunk of data such as a block, the data needs to be "compressed" first to the input size of the signature algorithm.

In Fabric's case, we use a hash function which compressed a Fabric block from arbitrary size to a 32 byte string.

In order to understand the problem we need to be more specific: The block structure has three parts to it: (1) Header, (2) Transactions, and (3) Metadata.

When hashing the block, the header and metadata are stitched together and then hashed, and this hash of the header and the metadata is what signed (it's a simplification but let's not get into details)

However, the transactions of the block are not part of the above hash. Instead, the header contains a hash, called the "Data hash" and despite the fact that in the comments it is said: "// The hash of the BlockData, by MerkleTree", actually it is far from being the case, and that is where our problem lies.

The problem is that the way the transactions are hashed gives an attacker some freedom in manipulating the data.

To create the Data Hash, the transactions in the block are concatenated to one another, creating a big long byte array and then this big long byte array is hashed, and this is essentially the Data Hash.

The transactions in the block are a list of raw byte arrays, and when they are concatenated they look like this:

|$$$$$$$$$$$$|*************|@@@@@@@@@@@@|%%%%%%%%%| (The vertical lines " | " represent how transactions are separated in a block.)

When the transactions are concatenated in order to be hashed, the payload that is hashed is: $$$$$$$$$$$$*************@@@@@@@@@@@@%%%%%%%%%

An adversary can't change the bytes of the concatenation, however what it can do, is to modify how transactions are encoded in the block:

For example, consider an adversary wants to manipulate a peer to skip the second transaction (**).

It can then create a block with the transactions as follows:

|$$$$$$$$$$$$*************|@@@@@@@@@@@@|%%%%%%%%%|

Notice that a block with the above transactions has the same concatenation of bytes as the original block, but the block has one less transaction - the first transaction is a concatenation of the first and second transactions in the original block.

When the peer receives this block, it looks at the first transaction and when it parses it, it completely ignores the * bytes, (we will see why soon), and so, an adversary can create a block with the same hash but different transactions and this would create a fork in the network.

I made a small PoC where I created a block with 2 transactions (by invoking two chaincodes at the same time) with a Raft orderer:

    [e][OrdererOrg.orderer] 2023-10-14 23:07:34.076 CEST 0079 INFO [orderer.consensus.etcdraft] propose -> Created block [10] with 2 transactions, there are 0 blocks in flight channel=testchannel node=1

But right after creating the block, I just modified only its transaction content (without modifying the block hash) and then the peers only detect a single transaction inside that block:

    [e][Org2.peer0] 2023-10-14 23:07:34.079 CEST 0099 INFO [kvledger] commit -> [testchannel] Committed block [10] with 1 transaction(s) in 0ms (state_validation=0ms block_and_pvtdata_commit=0ms state_commit=0ms) commitHash=[c5ecca818da9319af2f276dd01cd1337938f20c3535dd23f95a33933a114fe84]

The important takeaway from this experiment is that the peer does not detect any tempering was done to the block. If an attacker performs this attack, the network can be forked silently and no one will notice the network was forked until it's too late.

Patches

Here is the patch I propose (the explanation is further below):

diff --git a/internal/peer/gossip/mcs.go b/internal/peer/gossip/mcs.go
index b46df8b6a..9c3b5c8fd 100644
--- a/internal/peer/gossip/mcs.go
+++ b/internal/peer/gossip/mcs.go
@@ -150,6 +150,10 @@ func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum u
        return fmt.Errorf("Block with id [%d] on channel [%s] does not have metadata. Block not valid.", block.Header.Number, chainID)
    }

+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
+
    // - Verify that Header.DataHash is equal to the hash of block.Data
    // This is to ensure that the header is consistent with the data carried by this block
    if !bytes.Equal(protoutil.BlockDataHash(block.Data), block.Header.DataHash) {
diff --git a/orderer/common/cluster/util.go b/orderer/common/cluster/util.go
index e229bebfc..05b1bfaa9 100644
--- a/orderer/common/cluster/util.go
+++ b/orderer/common/cluster/util.go
@@ -260,6 +260,9 @@ func VerifyBlockHash(indexInBuffer int, blockBuff []*common.Block) error {
    if block.Header == nil {
        return errors.New("missing block header")
    }
+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
    seq := block.Header.Number
    dataHash := protoutil.BlockDataHash(block.Data)
    // Verify data hash matches the hash in the header
diff --git a/orderer/consensus/smartbft/verifier.go b/orderer/consensus/smartbft/verifier.go
index 2b9fdfc4c..f232a1eae 100644
--- a/orderer/consensus/smartbft/verifier.go
+++ b/orderer/consensus/smartbft/verifier.go
@@ -237,6 +237,10 @@ func verifyHashChain(block *cb.Block, prevHeaderHash string) error {
        return errors.Errorf("previous header hash is %s but expected %s", thisHdrHashOfPrevHdr, prevHeaderHash)
    }

+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
+
    dataHash := hex.EncodeToString(block.Header.DataHash)
    actualHashOfData := hex.EncodeToString(protoutil.BlockDataHash(block.Data))
    if dataHash != actualHashOfData {
diff --git a/protoutil/blockutils.go b/protoutil/blockutils.go
index 8527869e4..fca3c386f 100644
--- a/protoutil/blockutils.go
+++ b/protoutil/blockutils.go
@@ -10,6 +10,7 @@ import (
    "bytes"
    "crypto/sha256"
    "encoding/asn1"
+   "encoding/base64"
    "fmt"
    "math/big"

@@ -298,3 +299,35 @@ func searchConsenterIdentityByID(consenters []*cb.Consenter, identifier uint32)
    }
    return nil
 }
+
+func VerifyTransactionsAreWellFormed(block *cb.Block) error {
+   if block == nil || block.Data == nil || len(block.Data.Data) == 0 {
+       return nil
+   }
+
+   for i, rawTx := range block.Data.Data {
+       env := &cb.Envelope{}
+       if err := proto.Unmarshal(rawTx, env); err != nil {
+           return fmt.Errorf("transaction %d is invalid: %v", i, err)
+       }
+
+       if len(env.Payload) == 0 {
+           return fmt.Errorf("transaction %d has no payload", i)
+       }
+
+       if len(env.Signature) == 0 {
+           return fmt.Errorf("transaction %d has no signature", i)
+       }
+
+       expected := MarshalOrPanic(env)
+       if len(expected) < len(rawTx) {
+           return fmt.Errorf("transaction %d has %d trailing bytes", i, len(rawTx)-len(expected))
+       }
+       if !bytes.Equal(expected, rawTx) {
+           return fmt.Errorf("transaction %d (%s) does not match its raw form (%s)", i,
+               base64.StdEncoding.EncodeToString(expected), base64.StdEncoding.EncodeToString(rawTx))
+       }
+   }
+
+   return nil
+}
diff --git a/protoutil/blockutils_test.go b/protoutil/blockutils_test.go
index b2159da9f..2871483f1 100644
--- a/protoutil/blockutils_test.go
+++ b/protoutil/blockutils_test.go
@@ -489,3 +489,109 @@ func TestBlockSignatureVerifierByCreator(t *testing.T) {
    require.Len(t, signatureSet, 1)
    require.Equal(t, []byte("creator1"), signatureSet[0].Identity)
 }
+
+func TestVerifyTransactionsAreWellFormed(t *testing.T) {
+   originalBlock := &cb.Block{
+       Data: &cb.BlockData{
+           Data: [][]byte{
+               marshalOrPanic(&cb.Envelope{
+                   Payload:   []byte{1, 2, 3},
+                   Signature: []byte{4, 5, 6},
+               }),
+               marshalOrPanic(&cb.Envelope{
+                   Payload:   []byte{7, 8, 9},
+                   Signature: []byte{10, 11, 12},
+               }),
+           },
+       },
+   }
+
+   forgedBlock := proto.Clone(originalBlock).(*cb.Block)
+   tmp := make([]byte, len(forgedBlock.Data.Data[0])+len(forgedBlock.Data.Data[1]))
+   copy(tmp, forgedBlock.Data.Data[0])
+   copy(tmp[len(forgedBlock.Data.Data[0]):], forgedBlock.Data.Data[1])
+   forgedBlock.Data.Data = [][]byte{tmp} // Replace transactions {0,1} with transaction {0 || 1}
+
+   for _, tst := range []struct {
+       name          string
+       expectedError string
+       block         *cb.Block
+   }{
+       {
+           name: "empty block",
+       },
+       {
+           name:  "no block data",
+           block: &cb.Block{},
+       },
+       {
+           name:  "no transactions",
+           block: &cb.Block{Data: &cb.BlockData{}},
+       },
+       {
+           name: "single transaction",
+           block: &cb.Block{Data: &cb.BlockData{Data: [][]byte{marshalOrPanic(&cb.Envelope{
+               Payload:   []byte{1, 2, 3},
+               Signature: []byte{4, 5, 6},
+           })}}},
+       },
+       {
+           name:  "good block",
+           block: originalBlock,
+       },
+       {
+           name:          "forged block",
+           block:         forgedBlock,
+           expectedError: "transaction 0 has 10 trailing bytes",
+       },
+       {
+           name:          "no signature",
+           expectedError: "transaction 0 has no signature",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Payload: []byte{1, 2, 3},
+                       }),
+                   },
+               },
+           },
+       },
+       {
+           name:          "no payload",
+           expectedError: "transaction 0 has no payload",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Signature: []byte{4, 5, 6},
+                       }),
+                   },
+               },
+           },
+       },
+       {
+           name:          "transaction invalid",
+           expectedError: "transaction 0 is invalid: proto: cannot parse invalid wire-format data",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Payload:   []byte{1, 2, 3},
+                           Signature: []byte{4, 5, 6},
+                       })[9:],
+                   },
+               },
+           },
+       },
+   } {
+       t.Run(tst.name, func(t *testing.T) {
+           err := protoutil.VerifyTransactionsAreWellFormed(tst.block)
+           if tst.expectedError == "" {
+               require.NoError(t, err)
+           } else {
+               require.EqualError(t, err, tst.expectedError)
+           }
+       })
+   }
+}

The idea is as follows:

When we validate that the block's transactions match the hash in the header, we not only hash the transactions are earlier,

but also ensure that if the transactions in the block are encoded into bytes, they re-create the exact split in the original block: |$$$$$$$$$$$$|***********|@@@@@@@@@|%%%%%%%%%%%|

More specifically, each transaction in the block is parsed and then re-encoded to bytes, and we check that the original encoding of a transaction is as the second encoding after parsing the original bytes of the transaction.

This fix keeps the legacy way of hashing transactions to create the block data hash, but also aims to check if some manipulation was done.

To understand why the fix works, we need to understand how protobuf, the wire protocol that Fabric uses to encode transactions (and almost anything it sends over the wire or writes to disk) encodes a transaction.

A transaction is a protobuf message with two fields of bytes: (1) Payload and (2) Signature.

When encoding a field of bytes, protobuf first writes a tag for the field (a byte) and then writes the length of the field in variable-length encoding, and then the bytes themselves.

For example, to encode a transaction, protobuf writes 10 (the tag for payload), then two bytes for the length of the payload, then the payload, and then 18, the tag for the signature, and then a single byte for the length of the signature, and finally the signature.

Now, we can understand a proof sketch of why my solution works:

Assume in contradiction that an adversary takes a block of transactions and changes the split of the concatenation in a way that changes the transactions for a peer:

From |$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%| to (for example): From |$$$$$$$$$$$$************|@@@@@@@@@@@|...|%%%%%%%|

Since this split is not identical to the original split, there exists at least one transaction index of different size between the two splits. Let's look at the first transaction that is of different size.

For example, for the split:

|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%| we have two options:

  1. The first transaction of different size is smaller in the new split: |$$$$$$$$$$$$|*****|*******|@@@@@@@@@@@|...|%%%%%%%| In such a case, it must contain both a payload and a signature, so it needs two fields (we can say we will return an error if one of the two is missing). If the protobuf parser detects it lacks bytes to parse a payload, it will fail with an error. Else, it has enough bytes to parse the payload, and then the signature is parsed. If the signature field is too short then we also error similarly.

  2. The first transaction of different size is bigger in the new split: |$$$$$$$$$$$$|************@@@@|@@@@@@@|...|%%%%%%%| In that case, once this transaction is parsed, the extra bytes are skipped, so encoding the transaction to bytes yields a shorter byte array, and we detect a tempering.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hyperledger/fabric"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-alpha"
            },
            {
              "fixed": "2.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hyperledger/fabric"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-14T20:28:34Z",
    "nvd_published_at": "2023-11-14T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "# Short summary\n\nCombining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. \n\nIn Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block `B` and a second peer receives a block identical to `B` but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. \n\nOrderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. \nFor example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block.\n\nAdditional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks.\n\n## Impact\nIn V1 and V2, we only have a crash fault tolerant orderer and as such, the security model Fabric operates in is that the orderer is honest,\nbut peers may be malicious. As such, a peer that replicates a block from a malicious peer can have a state fork.\n\nIn V3 which we did not a release a GA yet (only a preview), we have a byzantine fault tolerant orderering service, so the security model that Fabric operates in such a case includes malicious orderers. If the orderer is malicious, it can cause state forks for peers, and can infect non-malicious orderers with cross-linked blocks.\n\n# Long summary\n\nIn order to create a signature on a big chunk of data  such as a block, the data needs to be \"compressed\" first to the input size of the signature algorithm.\n\nIn Fabric\u0027s case, we use a hash function which compressed a Fabric block from arbitrary size to a 32 byte string.\n\nIn order to understand the problem we need to be more specific: The block structure has three parts to it: (1) Header, (2) Transactions, and (3) Metadata.\n\nWhen hashing the block, the header and metadata are stitched together and then hashed, and this hash of the header and the metadata is what signed (it\u0027s a simplification but let\u0027s not get into details)\n\nHowever, the transactions of the block are not part of the above hash. Instead, the header contains a hash, called the \"Data hash\" and despite the fact that in the comments it is said: \"// The hash of the BlockData, by MerkleTree\", actually it is far from being the case, and that is where our problem lies.\n\nThe problem is that the way the transactions are hashed gives an attacker some freedom in manipulating the data. \n\nTo create the Data Hash, the transactions in the block are concatenated to one another, creating a big long byte array and then this big long byte array is hashed, and this is essentially the Data Hash.\n\nThe transactions in the block are a list of raw byte arrays, and when they are concatenated they look like this:\n\n`|$$$$$$$$$$$$|*************|@@@@@@@@@@@@|%%%%%%%%%|`  (The vertical lines \" | \" represent how transactions are separated in a block.)\n\nWhen the transactions are concatenated in order to be hashed, the payload that is hashed is: \n`$$$$$$$$$$$$*************@@@@@@@@@@@@%%%%%%%%%`\n\nAn adversary can\u0027t change the bytes of the concatenation, however what it can do, is to modify how transactions are encoded in the block:\n\nFor example, consider an adversary wants to manipulate a peer to skip the second transaction (******).\n\nIt can then create a block with the transactions as follows:\n\n`|$$$$$$$$$$$$*************|@@@@@@@@@@@@|%%%%%%%%%| `\n\nNotice that a block with the above transactions has the same concatenation of bytes as the original block, but the block has one less transaction - the first transaction is a concatenation of the first and second transactions in the original block.\n\nWhen the peer receives this block, it looks at the first transaction and when it parses it, it completely ignores the ***** bytes, (we will see why soon), and so, an adversary can create a block with the same hash but different transactions and this would create a fork in the network.\n \nI made a small PoC where I created a block with 2 transactions (by invoking two chaincodes at the same time) with a Raft orderer:\n\n```\n    [e][OrdererOrg.orderer] 2023-10-14 23:07:34.076 CEST 0079 INFO [orderer.consensus.etcdraft] propose -\u003e Created block [10] with 2 transactions, there are 0 blocks in flight channel=testchannel node=1\n```\n\nBut right after creating the block, I just modified only its transaction content (without modifying the block hash) and then the peers only detect a single transaction inside that block:\n \n```\n    [e][Org2.peer0] 2023-10-14 23:07:34.079 CEST 0099 INFO [kvledger] commit -\u003e [testchannel] Committed block [10] with 1 transaction(s) in 0ms (state_validation=0ms block_and_pvtdata_commit=0ms state_commit=0ms) commitHash=[c5ecca818da9319af2f276dd01cd1337938f20c3535dd23f95a33933a114fe84]\n```\n\nThe important takeaway from this experiment is that the peer does not detect any tempering was done to the block. If an attacker performs this attack, the network can be forked silently and no one will notice the network was forked until it\u0027s too late.\n\n \n\n# Patches\nHere is the patch I propose (the explanation is further below): \n\n```\ndiff --git a/internal/peer/gossip/mcs.go b/internal/peer/gossip/mcs.go\nindex b46df8b6a..9c3b5c8fd 100644\n--- a/internal/peer/gossip/mcs.go\n+++ b/internal/peer/gossip/mcs.go\n@@ -150,6 +150,10 @@ func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum u\n \t\treturn fmt.Errorf(\"Block with id [%d] on channel [%s] does not have metadata. Block not valid.\", block.Header.Number, chainID)\n \t}\n \n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n+\n \t// - Verify that Header.DataHash is equal to the hash of block.Data\n \t// This is to ensure that the header is consistent with the data carried by this block\n \tif !bytes.Equal(protoutil.BlockDataHash(block.Data), block.Header.DataHash) {\ndiff --git a/orderer/common/cluster/util.go b/orderer/common/cluster/util.go\nindex e229bebfc..05b1bfaa9 100644\n--- a/orderer/common/cluster/util.go\n+++ b/orderer/common/cluster/util.go\n@@ -260,6 +260,9 @@ func VerifyBlockHash(indexInBuffer int, blockBuff []*common.Block) error {\n \tif block.Header == nil {\n \t\treturn errors.New(\"missing block header\")\n \t}\n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n \tseq := block.Header.Number\n \tdataHash := protoutil.BlockDataHash(block.Data)\n \t// Verify data hash matches the hash in the header\ndiff --git a/orderer/consensus/smartbft/verifier.go b/orderer/consensus/smartbft/verifier.go\nindex 2b9fdfc4c..f232a1eae 100644\n--- a/orderer/consensus/smartbft/verifier.go\n+++ b/orderer/consensus/smartbft/verifier.go\n@@ -237,6 +237,10 @@ func verifyHashChain(block *cb.Block, prevHeaderHash string) error {\n \t\treturn errors.Errorf(\"previous header hash is %s but expected %s\", thisHdrHashOfPrevHdr, prevHeaderHash)\n \t}\n \n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n+\n \tdataHash := hex.EncodeToString(block.Header.DataHash)\n \tactualHashOfData := hex.EncodeToString(protoutil.BlockDataHash(block.Data))\n \tif dataHash != actualHashOfData {\ndiff --git a/protoutil/blockutils.go b/protoutil/blockutils.go\nindex 8527869e4..fca3c386f 100644\n--- a/protoutil/blockutils.go\n+++ b/protoutil/blockutils.go\n@@ -10,6 +10,7 @@ import (\n \t\"bytes\"\n \t\"crypto/sha256\"\n \t\"encoding/asn1\"\n+\t\"encoding/base64\"\n \t\"fmt\"\n \t\"math/big\"\n \n@@ -298,3 +299,35 @@ func searchConsenterIdentityByID(consenters []*cb.Consenter, identifier uint32)\n \t}\n \treturn nil\n }\n+\n+func VerifyTransactionsAreWellFormed(block *cb.Block) error {\n+\tif block == nil || block.Data == nil || len(block.Data.Data) == 0 {\n+\t\treturn nil\n+\t}\n+\n+\tfor i, rawTx := range block.Data.Data {\n+\t\tenv := \u0026cb.Envelope{}\n+\t\tif err := proto.Unmarshal(rawTx, env); err != nil {\n+\t\t\treturn fmt.Errorf(\"transaction %d is invalid: %v\", i, err)\n+\t\t}\n+\n+\t\tif len(env.Payload) == 0 {\n+\t\t\treturn fmt.Errorf(\"transaction %d has no payload\", i)\n+\t\t}\n+\n+\t\tif len(env.Signature) == 0 {\n+\t\t\treturn fmt.Errorf(\"transaction %d has no signature\", i)\n+\t\t}\n+\n+\t\texpected := MarshalOrPanic(env)\n+\t\tif len(expected) \u003c len(rawTx) {\n+\t\t\treturn fmt.Errorf(\"transaction %d has %d trailing bytes\", i, len(rawTx)-len(expected))\n+\t\t}\n+\t\tif !bytes.Equal(expected, rawTx) {\n+\t\t\treturn fmt.Errorf(\"transaction %d (%s) does not match its raw form (%s)\", i,\n+\t\t\t\tbase64.StdEncoding.EncodeToString(expected), base64.StdEncoding.EncodeToString(rawTx))\n+\t\t}\n+\t}\n+\n+\treturn nil\n+}\ndiff --git a/protoutil/blockutils_test.go b/protoutil/blockutils_test.go\nindex b2159da9f..2871483f1 100644\n--- a/protoutil/blockutils_test.go\n+++ b/protoutil/blockutils_test.go\n@@ -489,3 +489,109 @@ func TestBlockSignatureVerifierByCreator(t *testing.T) {\n \trequire.Len(t, signatureSet, 1)\n \trequire.Equal(t, []byte(\"creator1\"), signatureSet[0].Identity)\n }\n+\n+func TestVerifyTransactionsAreWellFormed(t *testing.T) {\n+\toriginalBlock := \u0026cb.Block{\n+\t\tData: \u0026cb.BlockData{\n+\t\t\tData: [][]byte{\n+\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t}),\n+\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\tPayload:   []byte{7, 8, 9},\n+\t\t\t\t\tSignature: []byte{10, 11, 12},\n+\t\t\t\t}),\n+\t\t\t},\n+\t\t},\n+\t}\n+\n+\tforgedBlock := proto.Clone(originalBlock).(*cb.Block)\n+\ttmp := make([]byte, len(forgedBlock.Data.Data[0])+len(forgedBlock.Data.Data[1]))\n+\tcopy(tmp, forgedBlock.Data.Data[0])\n+\tcopy(tmp[len(forgedBlock.Data.Data[0]):], forgedBlock.Data.Data[1])\n+\tforgedBlock.Data.Data = [][]byte{tmp} // Replace transactions {0,1} with transaction {0 || 1}\n+\n+\tfor _, tst := range []struct {\n+\t\tname          string\n+\t\texpectedError string\n+\t\tblock         *cb.Block\n+\t}{\n+\t\t{\n+\t\t\tname: \"empty block\",\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"no block data\",\n+\t\t\tblock: \u0026cb.Block{},\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"no transactions\",\n+\t\t\tblock: \u0026cb.Block{Data: \u0026cb.BlockData{}},\n+\t\t},\n+\t\t{\n+\t\t\tname: \"single transaction\",\n+\t\t\tblock: \u0026cb.Block{Data: \u0026cb.BlockData{Data: [][]byte{marshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t})}}},\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"good block\",\n+\t\t\tblock: originalBlock,\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"forged block\",\n+\t\t\tblock:         forgedBlock,\n+\t\t\texpectedError: \"transaction 0 has 10 trailing bytes\",\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"no signature\",\n+\t\t\texpectedError: \"transaction 0 has no signature\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tPayload: []byte{1, 2, 3},\n+\t\t\t\t\t\t}),\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"no payload\",\n+\t\t\texpectedError: \"transaction 0 has no payload\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t\t\t}),\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"transaction invalid\",\n+\t\t\texpectedError: \"transaction 0 is invalid: proto: cannot parse invalid wire-format data\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t\t\t})[9:],\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t} {\n+\t\tt.Run(tst.name, func(t *testing.T) {\n+\t\t\terr := protoutil.VerifyTransactionsAreWellFormed(tst.block)\n+\t\t\tif tst.expectedError == \"\" {\n+\t\t\t\trequire.NoError(t, err)\n+\t\t\t} else {\n+\t\t\t\trequire.EqualError(t, err, tst.expectedError)\n+\t\t\t}\n+\t\t})\n+\t}\n+}\n\n```\n\nThe idea is as follows:\n\nWhen we validate that the block\u0027s transactions match the hash in the header, we not only hash the transactions are earlier, \n\nbut also ensure that if the transactions in the block are encoded into bytes, they re-create the exact split in the original block: `|$$$$$$$$$$$$|***********|@@@@@@@@@|%%%%%%%%%%%|`\n\nMore specifically, each transaction in the block is parsed and then re-encoded to bytes, and we check that the original encoding of a transaction is as the second encoding after parsing the original bytes of the transaction.\n\nThis fix keeps the legacy way of hashing transactions to create the block data hash, but also aims to check if some manipulation was done.\n\n \nTo understand why the fix works, we need to understand how protobuf, the wire protocol that Fabric uses to encode transactions (and almost anything it sends over the wire or writes to disk) encodes a transaction.\n\nA transaction is a protobuf message with two fields of bytes: (1) Payload and (2) Signature.\n\nWhen encoding a field of bytes, protobuf first writes a tag for the field (a byte) and then writes the length of the field in variable-length encoding, and then the bytes themselves.\n\nFor example, to encode a transaction, protobuf writes 10 (the tag for payload), then two bytes for the length of the payload, then the payload, and then 18, the tag for the signature, and then a single byte for the length of the signature, and finally the signature.\n\nNow, we can understand a proof sketch of why my solution works:\n\nAssume in contradiction that an adversary takes a block of transactions and changes the split of the concatenation in a way that changes the transactions for a peer:\n\nFrom `|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%|` to (for example): From `|$$$$$$$$$$$$************|@@@@@@@@@@@|...|%%%%%%%|` \n\nSince this split is not identical to the original split, there exists at least one transaction index of different size between the two splits. Let\u0027s look at the first transaction that is of different size.\n\nFor example, for the split:\n\n`|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%|`  we have two options:\n\n1.  The first transaction of different size is smaller in the new split:  `|$$$$$$$$$$$$|*****|*******|@@@@@@@@@@@|...|%%%%%%%|`  In such a case, it must contain both a payload and a signature, so it needs two fields (we can say we will return an error if one of the two is missing). If the protobuf parser detects it lacks bytes to parse a payload, it will fail with an error. Else, it has enough bytes to parse the payload, and then the signature is parsed. If the signature field is too short then we also error similarly.\n\n2. The first transaction of different size is bigger in the new split: `|$$$$$$$$$$$$|************@@@@|@@@@@@@|...|%%%%%%%|` \nIn that case, once this transaction is parsed, the extra bytes are skipped, so encoding the transaction to bytes yields a shorter byte array, and we detect a tempering.\n\n",
  "id": "GHSA-v9w2-543f-h69m",
  "modified": "2023-11-14T21:37:09Z",
  "published": "2023-11-14T20:28:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/pull/4503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/pull/4504"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/commit/389b2e66de9a6fbc6043216d554c97bbbdf0e008"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/commit/93bef10bd3ce3c54d7f3b064f765dbde61da7def"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperledger/fabric"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/releases/tag/v2.2.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/releases/tag/v2.5.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fabric vulnerable to crosslinking transaction attack"
}

GHSA-V9X2-V49G-3V4C

Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2022-07-15 00:00
VLAI
Details

In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-21774"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-06T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447.",
  "id": "GHSA-v9x2-v49g-3v4c",
  "modified": "2022-07-15T00:00:24Z",
  "published": "2022-07-07T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21774"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V9XQ-33QH-XX79

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-04 12:00
VLAI
Details

A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A race condition was addressed with improved locking. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-v9xq-33qh-xx79",
  "modified": "2022-11-04T12:00:22Z",
  "published": "2022-11-02T12:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42832"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213488"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213489"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VCFF-8FR9-9FHX

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:36Z",
    "severity": "HIGH"
  },
  "details": "Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-vcff-8fr9-9fhx",
  "modified": "2026-07-14T18:32:18Z",
  "published": "2026-07-14T18:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50361"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VF9F-54PG-36HQ

Vulnerability from github – Published: 2022-11-25 06:30 – Updated: 2024-03-25 03:31
VLAI
Details

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-25T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",
  "id": "GHSA-vf9f-54pg-36hq",
  "modified": "2024-03-25T03:31:43Z",
  "published": "2022-11-25T06:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45887"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517a281338322ff8293f988771c98aaa7205e457"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel%40gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230113-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VFGR-2RXV-7V7G

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2022-11-03 19:00
VLAI
Details

A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32895"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.",
  "id": "GHSA-vfgr-2rxv-7v7g",
  "modified": "2022-11-03T19:00:27Z",
  "published": "2022-11-02T12:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32895"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213488"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.

Mitigation
Architecture and Design

Use thread-safe capabilities such as the data access abstraction in Spring.

Mitigation
Architecture and Design
  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Implementation

When using multithreading and operating on shared variables, only use thread-safe functions.

Mitigation
Implementation

Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.

Mitigation
Implementation

Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.

Mitigation
Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.

Mitigation
Implementation

Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.

Mitigation
Implementation

Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.