Name |
Forced Deadlock |
|
Likelihood of attack | Typical severity |
Low | High |
|
Summary |
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect. |
Prerequisites |
The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101] |
The target host exposes an API to the user. |
Execution Flow |
Step | Phase | Description | Techniques |
1 | Explore | The adversary initiates an exploratory phase to get familiar with the system. | |
2 | Explore | The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish. | |
3 | Explore | If the target program has a deadlock condition, the program waits indefinitely, resulting in a denial of service. | |
Solutions | Use a known algorithm to avoid deadlock conditions (for instance, non-blocking synchronization algorithms). For competing actions, use well-known libraries that implement synchronization. |
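
As an added illustration of the mitigation (not part of the original entry), the sketch below removes the circular-wait Coffman condition by always acquiring locks in one global order, and bounds every wait so a held resource yields an error instead of an indefinite hang. It uses lock ordering with timeouts rather than the non-blocking algorithms named above; `Account`, `transfer`, `run_opposing_transfers` and `LOCK_TIMEOUT` are hypothetical names chosen for the example.

```python
import threading

LOCK_TIMEOUT = 2.0  # assumed upper bound on how long a request may wait for a lock

class Account:  # hypothetical shared resource reachable through an exposed API
    _next_id = 0
    def __init__(self, balance):
        self.id = Account._next_id  # global rank used to order lock acquisition
        Account._next_id += 1
        self.balance = balance
        self.lock = threading.Lock()

def transfer(src, dst, amount, timeout=LOCK_TIMEOUT):
    """Move funds; return False instead of blocking forever on a held lock."""
    if src is dst:
        return False
    # Lock the lower-ranked account first, whatever the argument order.
    # Opposing requests (a->b and b->a) then contend on the same first lock,
    # so neither can hold one lock while waiting on the other (no circular wait).
    first, second = sorted((src, dst), key=lambda acct: acct.id)
    if not first.lock.acquire(timeout=timeout):
        return False  # bounded wait: fail the request rather than hang
    try:
        if not second.lock.acquire(timeout=timeout):
            return False
        try:
            if src.balance < amount:
                return False
            src.balance -= amount
            dst.balance += amount
            return True
        finally:
            second.lock.release()
    finally:
        first.lock.release()

def run_opposing_transfers(rounds=200):
    """Constructed workload: two threads transfer in opposite directions."""
    a, b = Account(1000), Account(1000)
    results = []
    def worker(x, y):
        results.append(all(transfer(x, y, 1) for _ in range(rounds)))
    threads = [threading.Thread(target=worker, args=pair) for pair in ((a, b), (b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=30)
    finished = all(not t.is_alive() for t in threads)
    return finished, results, a.balance + b.balance
```

If `transfer` instead locked `src` then `dst` with no timeout, the two opposing threads could each take one lock and wait on the other, which is the condition the execution flow relies on.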
Related Weaknesses |
CWE ID | Description |
CWE-412 | Unrestricted Externally Accessible Lock |
CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context |
CWE-662 | Improper Synchronization |
CWE-667 | Improper Locking |
CWE-833 | Deadlock |
CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context |