CVE-2022-38791
Summary
| CVE | CVE-2022-38791 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-27 20:15:00 UTC |
| Updated | 2023-11-07 03:50:00 UTC |
| Description | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 35 Update: mariadb-10.5.18-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: galera-26.4.13-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: mariadb-10.5.18-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: galera-26.4.13-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: mariadb-10.5.18-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| [SECURITY] Fedora 37 Update: mariadb-10.5.18-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE-2022-38791 MariaDB Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [MDEV-28719] compress_write() fails to release mutex on failure - Jira | MISC | jira.mariadb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160933 Oracle Enterprise Linux Security Update for mariadb:10.3 (ELSA-2023-5259)
- 160981 Oracle Enterprise Linux Security Update for mariadb:10.5 (ELSA-2023-5683)
- 160997 Oracle Enterprise Linux Security Update for galera and mariadb (ELSA-2023-5684)
- 181409 Debian Security Update for mariadb-10.5 (CVE-2022-38791)
- 242074 Red Hat Update for mariadb:10.3 security (RHSA-2023:5259)
- 242160 Red Hat Update for mariadb:10.5 (RHSA-2023:5683)
- 242162 Red Hat Update for galera and mariadb (RHSA-2023:5684)
- 242541 Red Hat Update for rh-mariadb105-galera and rh-mariadb105-mariadb (RHSA-2023:7633)
- 283363 Fedora Security Update for galera (FEDORA-2022-cf88f807f9)
- 283364 Fedora Security Update for galera (FEDORA-2022-333df1c4aa)
- 283406 Fedora Security Update for galera (FEDORA-2022-e0e9a43546)
- 355181 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355290 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355292 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355296 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355302 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355306 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355308 Amazon Linux Security Advisory for mariadb105 : ALAS-2023-155
- 355313 Amazon Linux Security Advisory for mariadb105 : ALAS2023-2023-155
- 356265 Amazon Linux Security Advisory for mariadb : ALASMARIADB10.5-2023-003
- 378963 Alibaba Cloud Linux Security Update for mariadb:10.5 (ALINUX3-SA-2023:0128)
- 672576 EulerOS Security Update for mariadb (EulerOS-SA-2023-1327)
- 753464 SUSE Enterprise Linux Security Update for mariadb (SUSE-SU-2022:3391-1)
- 753744 SUSE Enterprise Linux security update for mariadb (SUSE-SU-2023:0631-1)
- 903736 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10780)
- 904216 Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (10780-1)
- 941264 AlmaLinux Security Update for mariadb:10.3 (ALSA-2023:5259)
- 941292 AlmaLinux Security Update for mariadb:10.5 (ALSA-2023:5683)
- 941294 AlmaLinux Security Update for galera and mariadb (ALSA-2023:5684)
- 961045 Rocky Linux Security Update for mariadb:10.5 (RLSA-2023:5683)