MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the function create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service through the resulting deadlock. Note: The vendor argues this is just an improper locking bug and not a vulnerability with adverse effects.
{ "isDisputed": true }
{ "vanir_signatures": [ { "deprecated": false, "id": "CVE-2022-31622-3bbab28d", "signature_version": "v1", "digest": { "length": 1089.0, "function_hash": "34880256977001026652841198765112081276" }, "signature_type": "Function", "target": { "function": "create_worker_threads", "file": "extra/mariabackup/ds_compress.cc" }, "source": "https://github.com/mariadb/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2" }, { "deprecated": false, "id": "CVE-2022-31622-977866a5", "signature_version": "v1", "digest": { "line_hashes": [ "196104405052072975430072880005732981250", "265736355112068905119830254268930035987", "279526020539492955557437763953817736959", "93008397167680912230812322073889978078" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "extra/mariabackup/ds_compress.cc" }, "source": "https://github.com/mariadb/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2" } ] }