CVE-2022-31623 : MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabac

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.

Published 2022-05-25 21:15:09

Updated 2024-08-12 13:38:09

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-31623

Mariadb » Mariadb
Versions from including (>=) 10.6.0 and before (<) 10.6.6
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.4.0 and before (<) 10.4.23
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions before (<) 10.2.42
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.7.0 and before (<) 10.7.2
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.5.0 and before (<) 10.5.14
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.3.0 and before (<) 10.3.33
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-31623

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-31623

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-31623

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-31623

https://jira.mariadb.org/browse/MDEV-26561

[MDEV-26561] An improper locking bug due to the unreleased lock - Jira

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20220707-0006/

June 2022 MariaDB Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94

MDEV-26561 mariabackup release locks · MariaDB/server@7c30bc3 · GitHub
Patch;Third Party Advisory
https://jira.mariadb.org/browse/MDEV-26574

[MDEV-26574] An improper locking bug due to unreleased lock in the ds_xbstream.cc - Jira

CVEs referencing this url
https://github.com/MariaDB/server/pull/1938

MDEV-26561 Fix a bug due to unreleased lock by ryancaicse · Pull Request #1938 · MariaDB/server · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-31623

Products affected by CVE-2022-31623

Exploit prediction scoring system (EPSS) score for CVE-2022-31623

CVSS scores for CVE-2022-31623

CWE ids for CVE-2022-31623

References for CVE-2022-31623