CVE-2022-31621
mariadb: improper locking due to unreleased lock in the ds_xbstream.cc
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
MariaDB Server versiones anteriores a 10.7, es vulnerable a una denegación de servicio. En el archivo xtra/mariabackup/ds_xbstream.cc, cuando es producido un error (stream_ctxt-)dest_file == NULL) mientras es ejecutado el método xbstream_open, el bloqueo mantenido no es liberado correctamente, lo que permite a usuarios locales desencadenar una denegación de servicio debido al bloqueo
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2022-05-25 CVE Reserved
- 2022-05-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://jira.mariadb.org/browse/MDEV-26561 | ||
| https://jira.mariadb.org/browse/MDEV-26574 | ||
| https://security.netapp.com/advisory/ntap-20220707-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 | 2024-07-23 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-31621 | 2022-05-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2092353 | 2022-05-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | < 10.2.41 Search vendor "Mariadb" for product "Mariadb" and version " < 10.2.41" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.3.0 < 10.3.32 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.3.0 < 10.3.32" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.4.0 < 10.4.22 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.4.0 < 10.4.22" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.5.0 < 10.5.13 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.5.0 < 10.5.13" | - |
Affected
| ||||||
| Mariadb Search vendor "Mariadb" | Mariadb Search vendor "Mariadb" for product "Mariadb" | >= 10.6.0 < 10.6.5 Search vendor "Mariadb" for product "Mariadb" and version " >= 10.6.0 < 10.6.5" | - |
Affected
| ||||||