Improper Locking

CVE-2022-31623

Severity: Medium
Score: 5.5/10

Summary

MariaDB Server versions prior to 10.2.42, 10.3.x prior to 10.3.33, 10.4.x prior to 10.4.23, 10.5.x prior to 10.5.14, 10.6.x prior to 10.6.6, and 10.7.x prior to 10.7.2 are vulnerable to Denial of Service. In "extra/mariabackup/ds_compress.cc", when an error occurs (i.e., execution goes to the err label) while executing the method "create_worker_threads", the held lock "thd->ctrl_mutex" is not released correctly, which allows local users to trigger a denial of service through the resulting deadlock.
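
A reduced model of the error path described in the summary, as an added example and not MariaDB's code: only the name ctrl_mutex comes from the advisory, while `worker_ctxt`, `start_worker`, `create_workers`, `is_held` and `held_after_failure` are hypothetical, and thread creation is replaced by a stand-in that fails on demand. It shows the mutex staying locked after the jump to `err`, and the unlock that prevents it.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Simplified worker context; only ctrl_mutex is a name taken from the advisory. */
typedef struct { pthread_mutex_t ctrl_mutex; } worker_ctxt;

/* Hypothetical stand-in for thread creation; fails for index fail_at. */
static int start_worker(int idx, int fail_at) {
    return idx == fail_at ? -1 : 0;
}

/* Setup loop. release_on_error == 0 models the flawed pattern (the jump to err
 * leaves ctrl_mutex locked); release_on_error == 1 unlocks before jumping. */
static int create_workers(worker_ctxt *w, int n, int fail_at, int release_on_error) {
    for (int i = 0; i < n; i++) {
        pthread_mutex_init(&w[i].ctrl_mutex, NULL);
        pthread_mutex_lock(&w[i].ctrl_mutex);
        if (start_worker(i, fail_at) != 0) {
            if (release_on_error)
                pthread_mutex_unlock(&w[i].ctrl_mutex); /* release before leaving */
            goto err;
        }
        pthread_mutex_unlock(&w[i].ctrl_mutex);
    }
    return 0;
err:
    return -1;
}

/* Returns 1 if the mutex is still locked. trylock never blocks, so the check
 * cannot itself hang on a leaked lock. */
static int is_held(pthread_mutex_t *m) {
    int rc = pthread_mutex_trylock(m);
    if (rc == 0) pthread_mutex_unlock(m);
    return rc == EBUSY;
}

/* Forces a failure at worker 1 and reports whether its lock was left held. */
static int held_after_failure(int release_on_error) {
    worker_ctxt w[3];
    int rc = create_workers(w, 3, 1, release_on_error);
    int held = is_held(&w[1].ctrl_mutex);
    if (held) pthread_mutex_unlock(&w[1].ctrl_mutex); /* clean up the leaked lock */
    return rc == -1 && held;
}

int main(void) {
    printf("flawed: %d, fixed: %d\n", held_after_failure(0), held_after_failure(1));
    return 0;
}
```

Any later blocking `pthread_mutex_lock` on a mutex left in the first state would wait indefinitely, which is the deadlock the advisory describes.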

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-667 - Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Advisory Timeline

  • Published