PT-2022-1640 · Mariadb+10 · Mariadb+11

Published

2022-02-09

·

Updated

2025-06-10

·

CVE-2022-24050

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MariaDB (affected versions not specified)
Description This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processing of SQL queries, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of the service account.
Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:5826
ALSA-2022:5948
ALSA-2022:6443
ALT-PU-2022-2360
ALT-PU-2022-2446
ALT-PU-2023-1583
ALT-PU-2023-6462
AZL-8665
BDU:2022-00887
BIT-MARIADB-2022-24050
BIT-MARIADB-MIN-2022-24050
BIT-MYSQL-CLIENT-2022-24050
CESA-2022_5826
CESA-2022_6443
CVE-2022-24050
MGASA-2022-0070
OESA-2022-1616
OPENSUSE-SU-2022:0731-1
OPENSUSE-SU-2022_0725-1
OPENSUSE-SU-2022_0726-1
OPENSUSE-SU-2022_0731-1
OPENSUSE-SU-2022_0731-2
OPENSUSE-SU-2022_2561-1
OPENSUSE-SU-2024:11867-1
RHSA-2022:5759
RHSA-2022:5826
RHSA-2022:5948
RHSA-2022:6306
RHSA-2022:6443
RHSA-2022_5826
RHSA-2022_5948
RHSA-2022_6443
RHSA-2023:6821
RLSA-2022:5826
RLSA-2022:5948
RLSA-2022:6443
ROSA-SA-2023-2253
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1
SUSE-SU-2022:0725-1
SUSE-SU-2022:0726-1
SUSE-SU-2022:0731-1
SUSE-SU-2022:0731-2
SUSE-SU-2022:0782-1
SUSE-SU-2022:2561-1
USN-5305-1
ZDI-22-364

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Mariadb
Mariadb Server
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu