MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
References
| Link | Resource |
|---|---|
| https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 | Patch Third Party Advisory |
| https://jira.mariadb.org/browse/MDEV-26561 | |
| https://jira.mariadb.org/browse/MDEV-26561?filter=-2 | Issue Tracking Permissions Required Third Party Advisory |
| https://jira.mariadb.org/browse/MDEV-26574 | |
| https://security.netapp.com/advisory/ntap-20220707-0006/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
02 May 2024, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects. | |
| References |
|
08 Aug 2023, 14:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-667 |
Information
Published : 2022-05-25 21:15
Updated : 2024-08-03 08:15
NVD link : CVE-2022-31622
Mitre link : CVE-2022-31622
CVE.ORG link : CVE-2022-31622
JSON object : View
Products Affected
mariadb
- mariadb
CWE
CWE-667
Improper Locking