PT-2021-7211 · Mariadb+6 · Mariadb Server+6

Published

2021-09-07

Updated

2025-06-10

CVE-2022-31622

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MariaDB Server versions prior to 10.7

Description The issue is related to a denial of service vulnerability. In the extra/mariabackup/ds compress.cc file, when an error occurs while executing the create worker threads method, the held lock is not released correctly, allowing local users to trigger a denial of service due to a deadlock. The vendor considers this an improper locking bug rather than a vulnerability with adverse effects.

Recommendations For versions prior to 10.7, update to version 10.7 or later to resolve the issue. As a temporary workaround, consider disabling the create worker threads method in the extra/mariabackup/ds compress.cc file until a patch is available. Restrict access to the ds compress.cc module to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Resource Release

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-667

Related Identifiers

ALSA-2022:5826

ALSA-2022:5948

ALSA-2022:6443

ALT-PU-2022-2360

ALT-PU-2022-2446

ALT-PU-2023-1583

ALT-PU-2023-6462

BDU:2022-03791

BIT-MARIADB-2022-31622

BIT-MARIADB-MIN-2022-31622

BIT-MYSQL-CLIENT-2022-31622

CESA-2022_5826

CESA-2022_6443

CVE-2022-31622

RHSA-2022:5759

RHSA-2022:5826

RHSA-2022:5948

RHSA-2022:6306

RHSA-2022:6443

RHSA-2022_5826

RHSA-2022_5948

RHSA-2022_6443

RHSA-2023:6821

RLSA-2022:5826

RLSA-2022:5948

RLSA-2022:6443

ROSA-SA-2023-2254

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Mariadb Server

Red Hat

Rocky Linux

PT-2021-7211 · Mariadb+6 · Mariadb Server+6

CVE-2022-31622

Weakness Enumeration

Related Identifiers

Affected Products

References · 178