PT-2021-7210 · Mariadb+5 · Mariadb Server+5

Published

2021-10-25

Updated

2025-06-10

CVE-2022-31624

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MariaDB Server versions prior to 10.7

Description The issue is related to the method log statement ex in the server audit/server audit.c plugin, which does not release the lock bigbuffer lock correctly. This can lead to a deadlock, allowing local users to trigger a denial of service. The problem is associated with incorrect resource cleanup.

Recommendations For versions prior to 10.7, update to version 10.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the log statement ex method in the server audit plugin to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Resource Release

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-667

Related Identifiers

ALT-PU-2022-2360

ALT-PU-2022-2446

ALT-PU-2023-1583

ALT-PU-2023-6462

BDU:2022-03790

BIT-MARIADB-2022-31624

BIT-MARIADB-MIN-2022-31624

BIT-MYSQL-CLIENT-2022-31624

CESA-2022_1556

CESA-2022_1557

CVE-2022-31624

RHSA-2022:1007

RHSA-2022:1010

RHSA-2022:1556

RHSA-2022:1557

RHSA-2022:4818

RHSA-2022_1556

RHSA-2022_1557

RHSA-2023:6821

RLSA-2022:1556

RLSA-2022:1557

ROSA-SA-2023-2254

Affected Products

Alt Linux

Astra Linux

Centos

Mariadb Server

Red Hat

Rocky Linux

PT-2021-7210 · Mariadb+5 · Mariadb Server+5

CVE-2022-31624

Weakness Enumeration

Related Identifiers

Affected Products

References · 48