Improper Locking
CVE-2022-31623
Summary
MariaDB Server versions prior to 10.2.42, 10.3.x prior to 10.3.33, 10.4.x prior to 10.4.23, 10.5.x prior to 10.5.14, 10.6.x prior to 10.6.6, and 10.7.x prior to 10.7.2 are vulnerable to Denial of Service. In "extra/mariabackup/ds_compress.cc", when an error occurs (i.e., execution jumps to the err label) while executing the method "create_worker_threads", the held lock "thd->ctrl_mutex" is not released correctly, which allows local users to trigger a denial of service due to the resulting deadlock.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-667 - Improper Locking
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
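The lock-leak pattern the summary describes, as an added example that is not MariaDB's code: a simplified model in which a failure during worker setup jumps to an err label while a mutex is still held. Only the field name ctrl_mutex and the err label come from the advisory; worker_t, create_workers, leaked_after and their parameters are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-worker control block, not MariaDB's own struct. */
typedef struct { pthread_mutex_t ctrl_mutex; } worker_t;

/* Each ctrl_mutex is taken before its worker starts and held until all are up.
 * Starting worker fail_at fails (constructed); unlock_on_err picks the err path. */
static int create_workers(worker_t *w, int n, int fail_at, bool unlock_on_err)
{
    int i;
    for (i = 0; i < n; i++)
        pthread_mutex_init(&w[i].ctrl_mutex, NULL);
    for (i = 0; i < n; i++) {
        pthread_mutex_lock(&w[i].ctrl_mutex);
        if (i == fail_at)            /* simulated thread-creation failure */
            goto err;
    }
    for (i = 0; i < n; i++)          /* normal path: all started, release */
        pthread_mutex_unlock(&w[i].ctrl_mutex);
    return 0;
err:
    if (unlock_on_err)               /* fixed path: release every lock taken */
        for (; i >= 0; i--)
            pthread_mutex_unlock(&w[i].ctrl_mutex);
    return -1;                       /* leaky path returns with locks held */
}

/* Counts mutexes still locked after one run (n <= 8); trylock never blocks. */
static int leaked_after(int n, int fail_at, bool unlock_on_err)
{
    worker_t w[8];
    int held = 0;
    create_workers(w, n, fail_at, unlock_on_err);
    for (int i = 0; i < n; i++) {
        if (pthread_mutex_trylock(&w[i].ctrl_mutex) == EBUSY)
            held++;                  /* a blocking lock here would hang */
        else
            pthread_mutex_unlock(&w[i].ctrl_mutex);
    }
    return held;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after(4, 2, false), leaked_after(4, 2, true));
    return 0;
}
```

Any later code path that takes one of the leaked mutexes with a blocking lock waits forever, which is the deadlock behind the availability impact.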
References
Advisory Timeline
- Published