Headline
CVE-2022-31624: [MDEV-26556] An improper locking bug(s) due to unreleased lock
MariaDB Server before 10.7 is vulnerable to denial of service. In plugin/server_audit/server_audit.c, log_statement_ex takes the lock lock_bigbuffer and, on one exit path (the big-buffer allocation failing, i.e. big_buffer == NULL), returns without releasing it. Any later call that needs lock_bigbuffer then blocks forever, which allows local users to trigger a denial of service through this deadlock.
Details
Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.6.4
Fix Version/s: 10.2.41
Component/s: Plugin - Audit
Labels: None
Environment: All
Epic/Theme: Performance, primary, server
Description
Hi, developers, thank you for checking. It seems the lock lock_bigbuffer is not released correctly when big_buffer == NULL in the function log_statement_ex?
https://github.com/MariaDB/server/blob/57f14eab20ae2733eb341f3d293515a10a40bc48/plugin/server_audit/server_audit.c#L1838-L1848
Thank you for checking!
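As an added illustration (example code written for this page, not MariaDB's server_audit.c), the following C model shows the shape of the defect the report and the CVE text describe: a mutex named lock_bigbuffer protects a lazily grown big buffer, and the allocation-failure path (big_buffer == NULL) returns without unlocking, so the next caller hangs. The fixed variant routes every exit through a single unlock. The helpers audit_realloc, inject_alloc_failure, lock_is_free and force_unlock, the buffer-size arithmetic, and the use of a plain pthread mutex are assumptions of the example; the plugin's actual code is at the link above.

```c
/*
 * Standalone model of the lock-leak pattern reported in MDEV-26556.
 * Example code for this page, not MariaDB's server_audit.c: it keeps only
 * the shape of the bug. audit_realloc(), inject_alloc_failure(),
 * lock_is_free() and force_unlock() are helpers invented for the example.
 */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

static pthread_mutex_t lock_bigbuffer = PTHREAD_MUTEX_INITIALIZER;
static char   *big_buffer = NULL;
static size_t  big_buffer_alloced = 0;
static int     fail_next_alloc = 0;

/* Make the next audit_realloc() return NULL, standing in for a real
 * out-of-memory condition (the big_buffer == NULL case). */
void inject_alloc_failure(void) { fail_next_alloc = 1; }

static char *audit_realloc(char *old, size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return realloc(old, n);
}

/* Buggy shape: copies the query into the shared big buffer under
 * lock_bigbuffer, but the failure path returns with the mutex held.
 * The next caller that needs the buffer blocks in pthread_mutex_lock()
 * forever; that hang is the denial of service. Returns bytes stored,
 * or 0 on allocation failure. */
int log_statement_leaky(const char *query, size_t query_len)
{
    size_t need = query_len * 5 + 2;          /* assumed escaping headroom */
    pthread_mutex_lock(&lock_bigbuffer);
    if (big_buffer_alloced < need) {
        char *p = audit_realloc(big_buffer, need);
        if (p == NULL) {
            big_buffer_alloced = 0;
            return 0;                         /* BUG: no unlock here */
        }
        big_buffer = p;
        big_buffer_alloced = need;
    }
    memcpy(big_buffer, query, query_len);
    big_buffer[query_len] = '\0';
    pthread_mutex_unlock(&lock_bigbuffer);
    return (int)query_len;
}

/* Fixed shape: every exit path goes through the single unlock at done. */
int log_statement_fixed(const char *query, size_t query_len)
{
    size_t need = query_len * 5 + 2;
    int stored = 0;
    pthread_mutex_lock(&lock_bigbuffer);
    if (big_buffer_alloced < need) {
        char *p = audit_realloc(big_buffer, need);
        if (p == NULL) {
            big_buffer_alloced = 0;
            goto done;                        /* release before leaving */
        }
        big_buffer = p;
        big_buffer_alloced = need;
    }
    memcpy(big_buffer, query, query_len);
    big_buffer[query_len] = '\0';
    stored = (int)query_len;
done:
    pthread_mutex_unlock(&lock_bigbuffer);
    return stored;
}

/* Probe: 1 if lock_bigbuffer can be taken right now, 0 if it is held
 * (pthread_mutex_trylock() reports EBUSY), -1 on any other error. On a
 * default, non-recursive mutex a hold leaked by this same thread also
 * shows up as EBUSY, so one thread is enough to detect the bug. */
int lock_is_free(void)
{
    int rc = pthread_mutex_trylock(&lock_bigbuffer);
    if (rc == 0) {
        pthread_mutex_unlock(&lock_bigbuffer);
        return 1;
    }
    return rc == EBUSY ? 0 : -1;
}

/* Demonstration-only recovery: drop a leaked hold so the fixed variant
 * can be exercised afterwards in the same process. */
void force_unlock(void) { pthread_mutex_unlock(&lock_bigbuffer); }

int main(void)
{
    int ok = 1;
    inject_alloc_failure();
    ok &= log_statement_leaky("SELECT 1", 8) == 0;
    ok &= lock_is_free() == 0;                /* leaked: still held */
    force_unlock();
    inject_alloc_failure();
    ok &= log_statement_fixed("SELECT 1", 8) == 0;
    ok &= lock_is_free() == 1;                /* released on failure */
    ok &= log_statement_fixed("SELECT 1", 8) == 8;
    return ok ? 0 : 1;
}
```

The trylock probe is a cheap post-condition check for this class of bug in a unit test: after any call that can fail, the guarding mutex must be free again. In a running server the only symptom is the next audited statement hanging, which is why the single-exit (goto cleanup) form in the fixed variant is the usual defence: an added early return cannot skip the unlock.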
Related news
Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst of which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.