2082651 – (CVE-2022-21451) CVE-2022-21451 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Bug 2082651 (CVE-2022-21451) - CVE-2022-21451 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Summary: CVE-2022-21451 mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-21451
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2010824 2050506 2050507 2050508 2083193 2083194 2083196 2083199 2083202 2083204 2083229 2083232 2083233 2083259 2083260 2083261 2083262 2083263 2083303 2083305 2110941 2122591
Blocks:	2082660
TreeView+	depends on / blocked

Reported:	2022-05-06 16:28 UTC by Mauro Matteo Cascella
Modified:	2022-10-25 09:26 UTC (History)
CC List:	16 users (show)
Fixed In Version:	mysql 5.7.38, mysql 8.0.29, mariadb 10.5.10, mariadb 10.4.19, mariadb 10.3.29, mariadb 10.2.38
Clone Of:
Environment:
Last Closed:	2022-05-10 14:45:49 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2022:6518	None	None	None	2022-09-14 13:48:36 UTC
Red Hat Product Errata	RHSA-2022:6590	None	None	None	2022-09-20 13:52:19 UTC
Red Hat Product Errata	RHSA-2022:7119	None	None	None	2022-10-25 09:26:26 UTC

Description Mauro Matteo Cascella 2022-05-06 16:28:21 UTC

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

External References:

https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL

Comment 1 Mauro Matteo Cascella 2022-05-09 13:25:27 UTC

Created community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 2083202]


Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2083193]


Created mariadb:10.3/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2083194]


Created mariadb:10.4/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2083196]


Created mariadb:10.5/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 2083199]


Created mysql:8.0/community-mysql tracking bugs for this issue:

Affects: fedora-all [bug 2083204]

Comment 6 Mauro Matteo Cascella 2022-05-10 10:50:21 UTC

MariaDB upstream states that this issue was fixed in MariaDB versions 10.5.10, 10.4.19, 10.3.29, 10.2.38. The mariadb packages as shipped in Red Hat products were previously updated to a version that contains the fix via the following errata:

rh-mariadb103-mariadb in Red Hat Software Collections
https://access.redhat.com/errata/RHSA-2022:1010

rh-mariadb105-mariadb in Red Hat Software Collections
https://access.redhat.com/errata/RHSA-2022:1007

mariadb:10.3/mariadb module in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1556

mariadb:10.5/mariadb module in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1557

Comment 7 Product Security DevOps Team 2022-05-10 14:45:47 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-21451

Comment 9 errata-xmlrpc 2022-09-14 13:48:33 UTC

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:6518 https://access.redhat.com/errata/RHSA-2022:6518

Comment 10 errata-xmlrpc 2022-09-20 13:52:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6590 https://access.redhat.com/errata/RHSA-2022:6590

Comment 11 errata-xmlrpc 2022-10-25 09:26:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7119 https://access.redhat.com/errata/RHSA-2022:7119

Note You need to log in before you can comment on or make changes to this bug.