diff --git a/libwvdrmengine/cdm/core/include/cdm_engine.h b/libwvdrmengine/cdm/core/include/cdm_engine.h
index 16a4e1f1..c7237ef6 100644
--- a/libwvdrmengine/cdm/core/include/cdm_engine.h
+++ b/libwvdrmengine/cdm/core/include/cdm_engine.h
@@ -390,6 +390,8 @@ class CdmEngine {
   CdmSessionMap session_map_;
   CdmReleaseKeySetMap release_key_sets_;
   std::unique_ptr<CertificateProvisioning> cert_provisioning_;
+  // Lock must be acquired before using |cert_provisioning_|.
+  std::mutex cert_provisioning_mutex_;
   FileSystem* file_system_;
   Clock clock_;
   std::string spoid_;
diff --git a/libwvdrmengine/cdm/core/src/cdm_engine.cpp b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
index c18dc339..c44303fe 100644
--- a/libwvdrmengine/cdm/core/src/cdm_engine.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_engine.cpp
@@ -73,7 +73,6 @@ class UsagePropertySet : public CdmClientPropertySet {
 CdmEngine::CdmEngine(FileSystem* file_system,
                      std::shared_ptr<metrics::EngineMetrics> metrics)
     : metrics_(metrics),
-      cert_provisioning_(),
       file_system_(file_system),
       spoid_(EMPTY_SPOID),
       usage_session_(),
@@ -902,6 +901,7 @@ CdmResponseType CdmEngine::GetProvisioningRequest(
   }
 
   // TODO(b/141705730): Remove usage entries on provisioning.
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (!cert_provisioning_) {
     cert_provisioning_.reset(
         new CertificateProvisioning(metrics_->GetCryptoMetrics()));
@@ -929,6 +929,7 @@ CdmResponseType CdmEngine::HandleProvisioningResponse(
     SecurityLevel requested_security_level, std::string* cert,
     std::string* wrapped_key) {
   LOGI("Handling provision request");
+  std::unique_lock<std::mutex> cert_lock(cert_provisioning_mutex_);
   if (response.empty()) {
     LOGE("Empty provisioning response");
     cert_provisioning_.reset();
diff --git a/libwvdrmengine/cdm/core/src/cdm_session.cpp b/libwvdrmengine/cdm/core/src/cdm_session.cpp
index 9dd23530..2987ee8a 100644
--- a/libwvdrmengine/cdm/core/src/cdm_session.cpp
+++ b/libwvdrmengine/cdm/core/src/cdm_session.cpp
@@ -973,11 +973,10 @@ CdmResponseType CdmSession::RemoveKeys() {
 }
 
 CdmResponseType CdmSession::RemoveLicense() {
-  CdmResponseType sts = NO_ERROR;
   if (is_offline_ || has_provider_session_token()) {
     if (usage_support_type_ == kUsageEntrySupport &&
         has_provider_session_token()) {
-      sts = DeleteUsageEntry(usage_entry_number_);
+      DeleteUsageEntry(usage_entry_number_);
     }
     DeleteLicenseFile();
   }