Lucene search

K
osvGoogleOSV:BIT-MARIADB-2022-38791
HistoryMar 06, 2024 - 10:55 a.m.

BIT-mariadb-2022-38791

2024-03-0610:55:58
Google
osv.dev
9
mariadb
10.9.2
compress_write
mariabackup
ds_compress.cc
data_mutex
stream write
deadlock
vulnerability
local users

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

5.1%

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.2

Confidence

High

EPSS

0

Percentile

5.1%