CVE-2022-31623

Published: 25 May 2022

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
mariadb-10.0 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.1 Launchpad, Ubuntu, Debian	bionic	Needs triage
mariadb-10.1 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.3 Launchpad, Ubuntu, Debian	focal	Needs triage
mariadb-10.3 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.5 Launchpad, Ubuntu, Debian	impish	Needs triage
mariadb-10.5 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-10.6 Launchpad, Ubuntu, Debian	jammy	Needs triage
mariadb-10.6 Launchpad, Ubuntu, Debian	upstream	Needs triage
mariadb-5.5 Launchpad, Ubuntu, Debian	upstream	Needs triage

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›