CVE-2022-31624 — Improper Locking in Mariadb

CWE-667 — Improper Locking CWE-404 — Improper Resource Shutdown or Release7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mariadb

Timeline

PublishedMay 25

Latest updateMay 26

Description

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDmariadb/mariadb10.3.0 — 10.3.32+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qcq9-cqmp-6vr3: MariaDB Server before 10↗2022-05-26

▶

OSV

CVE-2022-31624: MariaDB Server before 10↗2022-05-25

▶

CVEList

CVE-2022-31624: MariaDB Server before 10↗2022-05-25

▶

📋Vendor Advisories

Microsoft

MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex the held lock lock_bigbuffer is not released correctly whi↗2022-05-10

▶

Debian

CVE-2022-31624: mariadb-10.5 - MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing t...↗2022

▶

Red Hat

mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c↗2021-09-07

▶