Race Condition
What is Race Condition?
Race ConditionA defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks.
A race condition arises when two or more threads, processes, or actors access shared state without proper synchronisation, so that an attacker can win a timing window to observe partial state or alter it between operations. Security-relevant variants include TOCTOU (check-then-use), atomicity failures in financial logic, and signal-handler reentrancy bugs. Exploitation often requires precise scheduling, ramming the kernel via thread pools, or filesystem tricks (renames, symlinks). Defences include proper locking, transactions, atomic compare-and-swap, file-descriptor based APIs (openat, fstatat), idempotent designs, and tools like ThreadSanitizer and formal concurrency review.
● Examples
- 01
CVE-2016-5195 (Dirty COW) — Linux kernel race condition in COW handling.
- 02
Filesystem race that lets an attacker replace a file between access() and open().
● Frequently asked questions
What is Race Condition?
A defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks. It belongs to the Vulnerabilities category of cybersecurity.
What does Race Condition mean?
A defect where the security or correctness of a system depends on the timing or ordering of concurrent operations, allowing attackers to interleave actions and bypass checks.
How do you defend against Race Condition?
Defences for Race Condition typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Race Condition?
Common alternative names include: Concurrency bug, Timing race.