PT-2021-7212 · Mariadb+6 · Mariadb Server+6

Published 2021-09-07 · Updated 2025-06-10 · CVE-2022-31623

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MariaDB Server versions prior to 10.7

Description: The issue is a denial of service vulnerability. In the file extra/mariabackup/ds_compress.cc, when an error occurs while executing the create_worker_threads method, the held lock thd->ctrl_mutex is not released correctly, allowing local users to trigger a denial of service due to a deadlock. The vendor considers this an improper locking bug rather than a vulnerability with adverse effects.

Recommendations: For MariaDB Server versions prior to 10.7, update to version 10.7 or later to resolve the issue. As a temporary workaround, consider disabling the create_worker_threads method in the affected file until a patch is available. Restrict access to the extra/mariabackup/ds_compress.cc file to minimize the risk of exploitation.
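
The locking flaw described above, reduced to a minimal C model (an added example, not MariaDB source code). Only `ctrl_mutex` comes from the advisory; `worker_t`, `start_worker`, `create_workers`, `leaked_locks` and the `release_on_error` switch are hypothetical names, and thread start-up is simulated.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

#define NWORKERS 3

/* Simplified worker model: ctrl_mutex is the lock named in the advisory,
   every other name is hypothetical. */
typedef struct { pthread_mutex_t ctrl_mutex; } worker_t;

/* Stand-in for thread creation; fails for index fail_at (-1 = never). */
static int start_worker(int idx, int fail_at) {
    return idx == fail_at ? -1 : 0;
}

/* release_on_error = 0 models the flawed error path, 1 the corrected one. */
static int create_workers(worker_t *ws, int fail_at, int release_on_error) {
    for (int i = 0; i < NWORKERS; i++) {
        pthread_mutex_lock(&ws[i].ctrl_mutex);
        if (start_worker(i, fail_at) != 0) {
            if (release_on_error)
                pthread_mutex_unlock(&ws[i].ctrl_mutex);
            goto err; /* flawed variant gets here still holding the lock */
        }
        pthread_mutex_unlock(&ws[i].ctrl_mutex);
    }
    return 0;
err:
    return -1;
}

/* Runs one start-up and counts mutexes left locked afterwards; a later
   blocking lock on any of them (for example during cleanup) would hang. */
static int leaked_locks(int fail_at, int release_on_error) {
    worker_t ws[NWORKERS];
    int held = 0;
    for (int i = 0; i < NWORKERS; i++)
        pthread_mutex_init(&ws[i].ctrl_mutex, NULL);
    create_workers(ws, fail_at, release_on_error);
    for (int i = 0; i < NWORKERS; i++) {
        if (pthread_mutex_trylock(&ws[i].ctrl_mutex) == EBUSY) held++;
        else pthread_mutex_unlock(&ws[i].ctrl_mutex);
    }
    return held;
}

int main(void) {
    printf("flawed: %d, fixed: %d\n", leaked_locks(1, 0), leaked_locks(1, 1));
    return 0;
}
```

The same `pthread_mutex_trylock` probe works as a regression check for any error path that is supposed to leave a lock released.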

Exploit

Fix

DoS

Improper Resource Release

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2022:5826
ALSA-2022:5948
ALSA-2022:6443
ALT-PU-2022-2360
ALT-PU-2022-2446
ALT-PU-2023-1583
ALT-PU-2023-6462
BDU:2022-03792
BIT-MARIADB-2022-31623
BIT-MARIADB-MIN-2022-31623
BIT-MYSQL-CLIENT-2022-31623
CESA-2022_5826
CESA-2022_6443
CVE-2022-31623
RHSA-2022:5759
RHSA-2022:5826
RHSA-2022:5948
RHSA-2022:6306
RHSA-2022:6443
RHSA-2022_5826
RHSA-2022_5948
RHSA-2022_6443
RHSA-2023:6821
RLSA-2022:5826
RLSA-2022:5948
RLSA-2022:6443
ROSA-SA-2023-2254

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Mariadb Server
Red Hat
Rocky Linux