CVE-2022-31623
Summary
| CVE | CVE-2022-31623 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-25 21:15:00 UTC |
| Updated | 2022-11-05 01:45:00 UTC |
| Description | MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. |
Risk And Classification
Problem Types: CWE-667
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MDEV-26561 Fix a bug due to unreleased lock by ryancaicse · Pull Request #1938 · MariaDB/server · GitHub | MISC | github.com | |
| June 2022 MariaDB Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| MDEV-26561 mariabackup release locks · MariaDB/server@7c30bc3 · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160019 Oracle Enterprise Linux Security Update for mariadb:10.5 (ELSA-2022-5826)
- 160037 Oracle Enterprise Linux Security Update for galera, mariadb, and mysql-selinux (ELSA-2022-5948)
- 160096 Oracle Enterprise Linux Security Update for mariadb:10.3 (ELSA-2022-6443)
- 179333 Debian Security Update for mariadb-10.5, mariadb-10.3 (CVE-2022-31623)
- 240565 Red Hat Update for rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2022:5759)
- 240586 Red Hat Update for mariadb:10.5 security (RHSA-2022:5826)
- 240596 Red Hat Update for galera, mariadb, and mysql-selinux security (RHSA-2022:5948)
- 240645 Red Hat Update for rh-mariadb103-galera and rh-mariadb103-mariadb (RHSA-2022:6306)
- 240665 Red Hat Update for mariadb:10.3 (RHSA-2022:6443)
- 355181 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355290 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355292 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355296 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355302 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355306 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355308 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355313 Amazon Linux Security Advisory for mariadb105 : ALAS2023-2023-155
- 356265 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-003
- 377368 Alibaba Cloud Linux Security Update for mariadb:10.5 (ALINUX3-SA-2022:0151)
- 502457 Alpine Linux Security Update for mariadb
- 504147 Alpine Linux Security Update for mariadb
- 672043 EulerOS Security Update for mariadb (EulerOS-SA-2022-2227)
- 902013 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9806)
- 902041 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9802)
- 902209 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9806-1)
- 903845 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9802-1)
- 940606 AlmaLinux Security Update for mariadb:10.5 (ALSA-2022:5826)
- 940632 AlmaLinux Security Update for galera, (ALSA-2022:5948)
- 940668 AlmaLinux Security Update for mariadb:10.3 (ALSA-2022:6443)
- 960383 Rocky Linux Security Update for mariadb:10.5 (RLSA-2022:5826)
- 960482 Rocky Linux Security Update for galera, (RLSA-2022:5948)