1. Home
  2. CWE Database
  3. CWE-832
Base · Medium

CWE-832: Unlock of a Resource that is not Locked

The product attempts to unlock a resource that is not locked.

CWE-832 · Base Level ·3 CVEs

Description

The product attempts to unlock a resource that is not locked.

Depending on the locking functionality, an unlock of a non-locked resource might cause memory corruption or other modification to the resource (or its associated metadata that is used for tracking locks).

Potential Impact

Integrity, Confidentiality, Availability, Other

DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Modify Memory, Other

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE IDDescription
CVE-2010-4210function in OS kernel unlocks a mutex that was not previously locked, causing a panic or overwrite of arbitrary memory.
CVE-2008-4302Chain: OS kernel does not properly handle a failure of a function call (CWE-755), leading to an unlock of a resource that was not locked (CWE-832), with resultant crash.
CVE-2009-1243OS kernel performs an unlock in some incorrect circumstances, leading to panic.

CWE-667: Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and ...

Frequently Asked Questions

What is CWE-832?

CWE-832 (Unlock of a Resource that is not Locked) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product attempts to unlock a resource that is not locked.

How can CWE-832 be exploited?

Attackers can exploit CWE-832 (Unlock of a Resource that is not Locked) to dos: crash, exit, or restart, execute unauthorized code or commands, modify memory, other. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-832?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-832?

CWE-832 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.