MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock. https://jira.mariadb.org/browse/MDEV-26561 https://github.com/MariaDB/server/pull/1938 https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:5759 https://access.redhat.com/errata/RHSA-2022:5759
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5826 https://access.redhat.com/errata/RHSA-2022:5826
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5948 https://access.redhat.com/errata/RHSA-2022:5948
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6306 https://access.redhat.com/errata/RHSA-2022:6306
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6443 https://access.redhat.com/errata/RHSA-2022:6443
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-31623