Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 847526 (CVE-2022-31621, CVE-2022-31622, CVE-2022-31623, CVE-2022-31624) - <dev-db/mariadb-{10.2.43,10.3.34,10.4.25,10.5.15,10.6.8}: multiple vulnerabilities (CVE-2022-{31621-31624})
Summary: <dev-db/mariadb-{10.2.43,10.3.34,10.4.25,10.5.15,10.6.8}: multiple vulnerabil...
Status: RESOLVED FIXED
Alias: CVE-2022-31621, CVE-2022-31622, CVE-2022-31623, CVE-2022-31624
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords: PullRequest
Depends on: CVE-2022-27376, CVE-2022-27377, CVE-2022-27378, CVE-2022-27379, CVE-2022-27380, CVE-2022-27381, CVE-2022-27382, CVE-2022-27383, CVE-2022-27384, CVE-2022-27385, CVE-2022-27386, CVE-2022-27444, CVE-2022-27445, CVE-2022-27446, CVE-2022-27447, CVE-2022-27448, CVE-2022-27449, CVE-2022-27451, CVE-2022-27452, CVE-2022-27455, CVE-2022-27456, CVE-2022-27457, CVE-2022-27458, CVE-2022-32083, CVE-2022-32085, CVE-2022-32086, CVE-2022-32089, CVE-2022-32091
Blocks:
  Show dependency tree
 
Reported: 2022-05-26 07:19 UTC by filip ambroz
Modified: 2024-05-08 08:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2022-05-26 07:19:48 UTC 
[CVE-2022-31621]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8

[CVE-2022-31622]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2

[CVE-2022-31623]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94


[CVE-2022-31624]
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix:https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944


---
Needs bump to version 10.7.4.
There is also version 10.8.3 available upstream.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:35:18 UTC 
CVE-2022-31623 (https://github.com/MariaDB/server/pull/1938):
https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVE-2022-31622 (https://jira.mariadb.org/browse/MDEV-26561?filter=-2):
https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fixes in 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 04:39:06 UTC 
These all have fixes in tree and we're waiting for stabilization now.
Comment 3 Larry the Git Cow gentoo-dev 2022-07-15 01:26:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da14e699f370d254bf6ffe16cc1ac0492d0ddebe

commit da14e699f370d254bf6ffe16cc1ac0492d0ddebe
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-07-14 09:04:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-15 01:22:02 +0000

    dev-db/mariadb: drop vulnerable
    
    Bug: https://bugs.gentoo.org/847526
    Bug: https://bugs.gentoo.org/838244
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/26397
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest                 |   13 -
 dev-db/mariadb/mariadb-10.2.41.ebuild   | 1289 ------------------------------
 dev-db/mariadb/mariadb-10.2.43.ebuild   | 1292 ------------------------------
 dev-db/mariadb/mariadb-10.3.32.ebuild   | 1281 ------------------------------
 dev-db/mariadb/mariadb-10.3.34.ebuild   | 1284 ------------------------------
 dev-db/mariadb/mariadb-10.4.22.ebuild   | 1302 ------------------------------
 dev-db/mariadb/mariadb-10.5.13.ebuild   | 1309 ------------------------------
 dev-db/mariadb/mariadb-10.5.15.ebuild   | 1309 ------------------------------
 dev-db/mariadb/mariadb-10.6.5-r1.ebuild | 1311 ------------------------------
 dev-db/mariadb/mariadb-10.6.8.ebuild    | 1316 -------------------------------
 10 files changed, 11706 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2024-05-08 08:40:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=b69f175bb86c550d8cad22e4c391edbf3ccd7c16

commit b69f175bb86c550d8cad22e4c391edbf3ccd7c16
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 08:40:00 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 08:40:18 +0000

    [ GLSA 202405-25 ] MariaDB: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/699874
    Bug: https://bugs.gentoo.org/822759
    Bug: https://bugs.gentoo.org/832490
    Bug: https://bugs.gentoo.org/838244
    Bug: https://bugs.gentoo.org/847526
    Bug: https://bugs.gentoo.org/856484
    Bug: https://bugs.gentoo.org/891781
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-25.xml | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)