MariaDB · MariaDB Server · CVE-2022-31621
**Name of the Vulnerable Software and Affected Versions**
MariaDB Server versions prior to 10.7
**Description**
The issue is a denial of service vulnerability in the `xbstream_open` method, located in `extra/mariabackup/ds_xbstream.cc`. When an error occurs, specifically when `stream_ctxt->dest_file` equals `NULL`, the held lock is not released correctly. This can lead to a deadlock, allowing local users to trigger a denial of service. The vendor considers this an improper locking bug rather than a vulnerability with adverse effects.
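The locking flaw described above, reduced to a minimal C model with the corrected form beside it. This is an added example, not MariaDB source code: only the `stream_ctxt` and `dest_file` names come from the advisory, while the struct layout, function names and return codes are assumptions.

```c
#include <errno.h>
#include <pthread.h>

/* Stand-in for the stream context; layout and names are assumptions. */
typedef struct {
    pthread_mutex_t mutex;
    void *dest_file;            /* NULL models the error condition */
} stream_ctxt_t;

/* Flawed pattern: the error branch returns with the mutex still held. */
int open_leaky(stream_ctxt_t *ctxt)
{
    pthread_mutex_lock(&ctxt->mutex);
    if (ctxt->dest_file == NULL)
        return -1;              /* lock is never released on this path */
    pthread_mutex_unlock(&ctxt->mutex);
    return 0;
}

/* Corrected pattern: every exit path passes through one unlock. */
int open_balanced(stream_ctxt_t *ctxt)
{
    int rc = 0;
    pthread_mutex_lock(&ctxt->mutex);
    if (ctxt->dest_file == NULL)
        rc = -1;
    pthread_mutex_unlock(&ctxt->mutex);
    return rc;
}

/* Returns 1 if the mutex is still held after a failed open, 0 if released,
   -1 if the open did not fail. trylock returns EBUSY rather than blocking. */
int lock_leaked_after_failure(int (*open_fn)(stream_ctxt_t *))
{
    stream_ctxt_t ctxt = { .dest_file = NULL };
    pthread_mutex_init(&ctxt.mutex, NULL);
    if (open_fn(&ctxt) == 0)
        return -1;
    int rc = pthread_mutex_trylock(&ctxt.mutex);
    if (rc == 0)
        pthread_mutex_unlock(&ctxt.mutex);
    return rc == EBUSY;
}

int main(void)
{
    return !(lock_leaked_after_failure(open_leaky) == 1 &&
             lock_leaked_after_failure(open_balanced) == 0);
}
```

Build with `cc -pthread`; an exit status of 0 means the leaky version left the mutex held after the failed open and the balanced version released it.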
**Recommendations**
For MariaDB Server versions prior to 10.7, update to version 10.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `xbstream_open` method in `extra/mariabackup/ds_xbstream.cc` to minimize the risk of exploitation.