If there is a consensus conflict on the lock of a particular transaction, then the network goes into "defense" mode regarding that transaction and has to wait for a full confirmation before it can be spent. This is the right thing to do, and ensures that double spends are not possible (assuming the rest of the algorithms and code are correct).
It's worse than that:
If I control a majority of nodes, I can confirm a transaction lock to the recipient of a double spend, then dump the transaction lock from all my nodes and double spend the coins back to myself with a new transaction lock which I hold until N blocks have been built.
"Defence" mode cannot work as designed because of the nature of a Sybil attack.
There you go, someone that has looked at it closer than me...
I was under the impression that the double-spend would still get picked up before it could actually cause any damage, but again, I didn't spend much time digging around in it once I'd realized that DoS was possible.
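Added example, not part of the original thread and not code from the project under discussion: a node-side sketch of the fallback rule from the first post, where a second lock on an already-locked input puts that input into "defense" mode and the lock is ignored until full confirmation. The class and function names, the sample transaction ids, and the depth of 6 blocks for "a full confirmation" are assumptions. It only covers conflicts this node actually observes.

```python
# Added illustration; names and the confirmation depth are assumptions,
# not taken from the thread or from any project's code.
from dataclasses import dataclass, field

FULL_CONFIRMATIONS = 6  # assumed value for "a full confirmation"


@dataclass
class LockTracker:
    """Tracks which transaction holds the lock on each input (outpoint)."""
    locks: dict = field(default_factory=dict)      # outpoint -> first locked txid
    contested: set = field(default_factory=set)    # outpoints in "defense" mode
    tx_inputs: dict = field(default_factory=dict)  # txid -> tuple of outpoints

    def observe_lock(self, txid, outpoints):
        """Record a lock; return True if it conflicts with an earlier one."""
        self.tx_inputs[txid] = tuple(outpoints)
        conflict = False
        for op in outpoints:
            # Seen locks are never forgotten, so a later lock on the same
            # input by another transaction is always noticed by this node.
            holder = self.locks.setdefault(op, txid)
            if holder != txid:
                self.contested.add(op)
                conflict = True
        return conflict

    def spendable(self, txid, confirmations):
        """Decide whether outputs of txid may be treated as spendable."""
        outpoints = self.tx_inputs.get(txid)
        if outpoints is None:
            # No lock seen: ordinary confirmation rule applies.
            return confirmations >= FULL_CONFIRMATIONS
        if any(op in self.contested for op in outpoints):
            # "Defense" mode: ignore the lock, wait for full confirmation.
            return confirmations >= FULL_CONFIRMATIONS
        # Uncontested lock held by this transaction on every input.
        return all(self.locks[op] == txid for op in outpoints)


def demo():
    t = LockTracker()
    op = ("prev_tx_constructed", 0)        # constructed sample outpoint
    first = t.observe_lock("tx_a", [op])   # lock seen for the payment
    ok_before = t.spendable("tx_a", 0)     # accepted on the lock alone
    second = t.observe_lock("tx_b", [op])  # later conflicting lock, same input
    return (first, ok_before, second, t.spendable("tx_a", 0),
            t.spendable("tx_a", FULL_CONFIRMATIONS), t.spendable("tx_b", 0))
```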