Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-38791: [MDEV-28719] compress_write() fails to release mutex on failure

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

CVE
#git

Details

  • Type: Bug

  • Status: Closed (View Workflow)

  • Priority: Critical

  • Resolution: Fixed

  • Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9.1

  • Fix Version/s: 10.3.36, 10.4.26, 10.5.17, 10.6.9, 10.7.5, 10.8.4, 10.9.2

  • Component/s: Backup

  • Labels:

    None

  • Environment:

    All

  • Epic/Theme:

    • Performance
    • primary
    • service

Description

Hi, @marko, it seems that the fixing for MDEV-28689 is buggy. The lock thd->data_mutex is still not released during erroneously writing to the destination stream and writing to the destination stream (Line 246 and 256).

Due to the original issue is closed, thus I just open a new issue.

https://github.com/MariaDB/server/blob/863c3eda872b19f70ce6045119bf621584e1312d/extra/mariabackup/ds_compress.cc#L233-L259

Attachments

Activity

Related news

Gentoo Linux Security Advisory 202405-25

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

Red Hat Security Advisory 2023-7633-01

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2023-5684-01

Red Hat Security Advisory 2023-5684-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2023-5683-01

Red Hat Security Advisory 2023-5683-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2023-5259-01

Red Hat Security Advisory 2023-5259-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include a null pointer vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907