
Bug 847526 (CVE-2022-31621, CVE-2022-31622, CVE-2022-31623, CVE-2022-31624)

Summary: <dev-db/mariadb-{10.2.43,10.3.34,10.4.25,10.5.15,10.6.8}: multiple vulnerabilities (CVE-2022-{31621-31624})
Product: Gentoo Security
Reporter: filip ambroz <filip.ambroz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED
Severity: minor
CC: mysql-bugs
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/26397
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 838244    
Bug Blocks:    

Description filip ambroz 2022-05-26 07:19:48 UTC
[CVE-2022-31621]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8

[CVE-2022-31622]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2

[CVE-2022-31623]
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94


[CVE-2022-31624]
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fix: https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944


---
Needs bump to version 10.7.4.
There is also version 10.8.3 available upstream.
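
The bug class shared by the four CVEs in the description above (an error path that returns while a mutex is still held), shown beside the single-exit form that releases it. This is an added example, not MariaDB's code or part of the original report; `demo_ctxt_t`, `open_leaky`, `open_fixed` and `lock_left_held` are hypothetical names, and the failure is injected through a flag.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical context guarded by a mutex (not MariaDB's type). */
typedef struct { pthread_mutex_t mutex; int open_streams; } demo_ctxt_t;

/* Flawed shape: the error branch returns while the mutex is still held. */
int open_leaky(demo_ctxt_t *c, int inject_failure)
{
    pthread_mutex_lock(&c->mutex);
    if (inject_failure)
        return -1;                      /* lock leaked on this path */
    c->open_streams++;
    pthread_mutex_unlock(&c->mutex);
    return 0;
}

/* Hardened shape: every exit passes through the single unlock. */
int open_fixed(demo_ctxt_t *c, int inject_failure)
{
    int rc = 0;
    pthread_mutex_lock(&c->mutex);
    if (inject_failure) {
        rc = -1;
        goto out;
    }
    c->open_streams++;
out:
    pthread_mutex_unlock(&c->mutex);
    return rc;
}

/* Regression check: 1 if fn left the mutex held on return, else 0. */
int lock_left_held(int (*fn)(demo_ctxt_t *, int), int inject_failure)
{
    demo_ctxt_t c = { .open_streams = 0 };
    pthread_mutex_init(&c.mutex, NULL);
    fn(&c, inject_failure);
    int held = (pthread_mutex_trylock(&c.mutex) == EBUSY);
    pthread_mutex_unlock(&c.mutex);     /* drop leaked or probe lock */
    return held;
}

int main(void)
{
    printf("held after error: leaky=%d fixed=%d\n",
           lock_left_held(open_leaky, 1), lock_left_held(open_fixed, 1));
    return 0;
}
```

A check like `lock_left_held` can sit in a unit test for each error branch of a locking function, so a leaked lock is caught before another thread blocks on it.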
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 22:35:18 UTC
CVE-2022-31623 (https://github.com/MariaDB/server/pull/1938):
https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

CVE-2022-31622 (https://jira.mariadb.org/browse/MDEV-26561?filter=-2):
https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.

Fixes in 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 04:39:06 UTC
These all have fixes in tree and we're waiting for stabilization now.
Comment 3 Larry the Git Cow gentoo-dev 2022-07-15 01:26:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da14e699f370d254bf6ffe16cc1ac0492d0ddebe

commit da14e699f370d254bf6ffe16cc1ac0492d0ddebe
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-07-14 09:04:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-15 01:22:02 +0000

    dev-db/mariadb: drop vulnerable
    
    Bug: https://bugs.gentoo.org/847526
    Bug: https://bugs.gentoo.org/838244
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/26397
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/mariadb/Manifest                 |   13 -
 dev-db/mariadb/mariadb-10.2.41.ebuild   | 1289 ------------------------------
 dev-db/mariadb/mariadb-10.2.43.ebuild   | 1292 ------------------------------
 dev-db/mariadb/mariadb-10.3.32.ebuild   | 1281 ------------------------------
 dev-db/mariadb/mariadb-10.3.34.ebuild   | 1284 ------------------------------
 dev-db/mariadb/mariadb-10.4.22.ebuild   | 1302 ------------------------------
 dev-db/mariadb/mariadb-10.5.13.ebuild   | 1309 ------------------------------
 dev-db/mariadb/mariadb-10.5.15.ebuild   | 1309 ------------------------------
 dev-db/mariadb/mariadb-10.6.5-r1.ebuild | 1311 ------------------------------
 dev-db/mariadb/mariadb-10.6.8.ebuild    | 1316 -------------------------------
 10 files changed, 11706 deletions(-)