Unrated severityNVD Advisory· Published Aug 27, 2022· Updated Aug 3, 2024

CVE-2022-38791

Description

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Affected products

MariaDB/MariaDBdescription
osv-coords46 versions
pkg:bitnami/mariadb pkg:bitnami/mariadb-min pkg:bitnami/mysql-client pkg:rpm/almalinux/galera pkg:rpm/almalinux/Judy pkg:rpm/almalinux/mariadb pkg:rpm/almalinux/mariadb-backup pkg:rpm/almalinux/mariadb-common pkg:rpm/almalinux/mariadb-devel pkg:rpm/almalinux/mariadb-embedded pkg:rpm/almalinux/mariadb-embedded-devel pkg:rpm/almalinux/mariadb-errmsg pkg:rpm/almalinux/mariadb-gssapi-server pkg:rpm/almalinux/mariadb-oqgraph-engine pkg:rpm/almalinux/mariadb-pam pkg:rpm/almalinux/mariadb-server pkg:rpm/almalinux/mariadb-server-galera pkg:rpm/almalinux/mariadb-server-utils pkg:rpm/almalinux/mariadb-test pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/mariadb&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
>= 10.3.0, < 10.3.36+ 45 more
- (no CPE)range: >= 10.3.0, < 10.3.36
- (no CPE)range: >= 10.3.0, < 10.3.36
- (no CPE)range: >= 10.3.0, < 10.3.36
- (no CPE)range: < 25.3.37-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 1.0.5-18.module_el8.6.0+2867+72759d2f
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.5.22-1.module_el8.8.0+3620+5d452900
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 3:10.3.39-1.module_el8.8.0+3609+204d4ab0
- (no CPE)range: < 10.5.17-150300.3.21.1
- (no CPE)range: < 10.6.10-150400.3.17.1
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 10.4.28-150200.3.38.1
- (no CPE)range: < 10.4.28-150200.3.38.1
- (no CPE)range: < 10.5.17-150300.3.21.1
- (no CPE)range: < 10.5.17-150300.3.21.1
- (no CPE)range: < 10.6.10-150400.3.17.1
- (no CPE)range: < 10.4.28-150200.3.38.1
- (no CPE)range: < 10.4.28-150200.3.38.1
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000