- Software vulnerabilities related to the order and timing of events in concurrent processes
- Exploiting race conditions allows attackers to disrupt intended program behavior and gain unauthorized access
Understanding Race Conditions
- Race conditions occur when multiple threads or processes access and manipulate shared resources simultaneously
- Dereferencing — Software vulnerability that occurs when code attempts to remove the relationship between a pointer and the thing the pointer was pointing to in memory, which allows changes to be made
- Vulnerabilities stem from unexpected conflicts and synchronization issues
Exploiting Race Conditions
- Attackers exploit race conditions by timing their actions to coincide with vulnerable code execution
- Exploitation may lead to unauthorized access, data manipulation, or system crashes
Dirty COW Exploit
- A real-world example of race condition exploitation
- Targeted Linux and Android systems, leveraging a race condition in the copy-on-write (COW) function
Types of Race Conditions
Time-of-Check (TOC)
- Attackers manipulate a resource’s state after it is checked but before it is used
- For example, overdrawing a bank account due to a time delay between checking and transferring funds
Time-of-Use (TOU)
- Attackers alter a resource’s state after it is checked but before it is used
- Focuses on the time when the resource is utilized, rather than the time of the initial check
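The bank account case under Time-of-Check and the check-to-use gap under Time-of-Use, shown as an added example that is not part of the original notes. The `Account` class, its method names, and the amounts are constructed for illustration; a barrier forces both threads into the window between the balance check and the transfer so the outcome is repeatable.

```python
import threading

class Account:
    """Constructed toy account; every name here is illustrative."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount, window):
        if self.balance >= amount:        # time of check
            window()                      # delay between check and transfer
            with self._lock:              # locking only the write is too late:
                self.balance -= amount    # time of use, balance may have changed
            return True
        return False

    def withdraw_atomic(self, amount, window):
        with self._lock:                  # check and use form one critical section
            if self.balance >= amount:
                window()
                self.balance -= amount
                return True
            return False


def two_withdrawals(method_name, start=100, amount=80):
    """Run two concurrent withdrawals; return (final balance, sorted results)."""
    account = Account(start)
    barrier = threading.Barrier(2)
    results = []

    def window():
        # Hold each thread inside the check-to-use window until the other
        # arrives; give up after 1 s if the other thread is locked out.
        try:
            barrier.wait(timeout=1.0)
        except threading.BrokenBarrierError:
            pass

    def worker():
        results.append(getattr(account, method_name)(amount, window))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sorted(results)
```

Calling `two_withdrawals("withdraw_racy")` approves both withdrawals and leaves the balance at -60, while `two_withdrawals("withdraw_atomic")` approves one, rejects the other, and leaves 20.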
Time-of-Evaluation (TOE)