Headline
CVE-2022-31621: [MDEV-26574] An improper locking bug due to unreleased lock in the ds_xbstream.cc
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Log inSkip to main contentSkip to sidebar
Dashboards
Projects
Issues
Give feedback to Atlassian
Help
- Jira Core help
- Keyboard Shortcuts
- Issue Reminders help
- About Jira
- Jira Credits
Log In
- MariaDB Server
- MDEV-26574
Log In
Export
XMLWordPrintable
Details
Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.6.4
Fix Version/s: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
Component/s: Server
Labels:
- code
- performance
- server
Environment:
All
Epic/Theme:
- Performance
- server
Description
The lock stream_ctxt->mutex is not released correctly when stream_ctxt->dest_file == NULL in the function xbstream_open
https://github.com/MariaDB/server/blob/76f4a78ba2639b5abd01a88b24a3c509c11530ce/extra/mariabackup/ds_xbstream.cc#L126-L133
Also mentioned in MDEV-26556.
Attachments
Activity
People
Assignee:
Vladislav Vaintroub
Reporter:
Ryan
Votes:
0 Vote for this issue
Watchers:
2 Start watching this issue
Dates
Created:
2021-09-08 09:26
Updated:
2021-09-15 13:24
Resolved:
2021-09-15 13:22
Git Integration
Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel’. Please contact your Jira administrators.
Related news
Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.