CVE-2022-31622

Опубликовано: 07 сент. 2021

Источник: redhat

CVSS3: 5.5

Описание

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	mariadb	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	mariadb	Out of support scope
Red Hat Enterprise Linux 8	mariadb	Fixed	RHSA-2022:5826	02.08.2022
Red Hat Enterprise Linux 8	mariadb	Fixed	RHSA-2022:6443	13.09.2022
Red Hat Enterprise Linux 9	mariadb	Fixed	RHSA-2022:5948	09.08.2022
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-mariadb105-mariadb	Fixed	RHSA-2022:5759	28.07.2022
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-mariadb103-mariadb	Fixed	RHSA-2022:6306	01.09.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-404

https://bugzilla.redhat.com/show_bug.cgi?id=2092354mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2022-31622

CVSS3: 5.5

ubuntu

около 3 лет назад

** DISPUTED ** MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.