What is the vulnerability ID of this issue?

The vulnerability ID is CVE-2022-38791.

What is the severity level of CVE-2022-38791?

The severity level of CVE-2022-38791 is medium (5.5).

Which software versions are affected by CVE-2022-38791?

The software versions affected by CVE-2022-38791 include MariaDB versions 10.3.0 to 10.3.36, 10.4.0 to 10.4.26, 10.5.0 to 10.5.17, 10.6.0 to 10.6.9, 10.7.0 to 10.7.5, 10.8.0 to 10.8.4, and 10.9.1.

What is the description of CVE-2022-38791?

CVE-2022-38791 is a vulnerability in MariaDB that allows local users to trigger a deadlock by exploiting a failure in the compress_write function.

Where can I find more information about CVE-2022-38791?

More information about CVE-2022-38791 can be found at the following references: [Reference 1](https://jira.mariadb.org/browse/MDEV-28719), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/)

Vulnerability/
CVE-2022-38791

medium

5.5

CWE

667

27/8/2022

3/8/2024

CVE-2022-38791

First published: Sat Aug 27 2022(Updated: )

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mariadb Mariadb	>=10.3.0<10.3.36
Mariadb Mariadb	>=10.4.0<10.4.26
Mariadb Mariadb	>=10.5.0<10.5.17
Mariadb Mariadb	>=10.6.0<10.6.9
Mariadb Mariadb	>=10.7.0<10.7.5
Mariadb Mariadb	>=10.8.0<10.8.4
Mariadb Mariadb	=10.9.1
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
redhat/mariadb	<10.9.2	10.9.2
redhat/mariadb	<10.8.4	10.8.4
redhat/mariadb	<10.7.5	10.7.5
redhat/mariadb	<10.6.9	10.6.9
redhat/mariadb	<10.5.17	10.5.17
redhat/mariadb	<10.4.26	10.4.26
redhat/mariadb	<10.3.36	10.3.36

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2022-38791.
What is the severity level of CVE-2022-38791?
The severity level of CVE-2022-38791 is medium (5.5).
Which software versions are affected by CVE-2022-38791?
The software versions affected by CVE-2022-38791 include MariaDB versions 10.3.0 to 10.3.36, 10.4.0 to 10.4.26, 10.5.0 to 10.5.17, 10.6.0 to 10.6.9, 10.7.0 to 10.7.5, 10.8.0 to 10.8.4, and 10.9.1.
What is the description of CVE-2022-38791?
CVE-2022-38791 is a vulnerability in MariaDB that allows local users to trigger a deadlock by exploiting a failure in the compress_write function.
Where can I find more information about CVE-2022-38791?
More information about CVE-2022-38791 can be found at the following references: [Reference 1](https://jira.mariadb.org/browse/MDEV-28719), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/)

collector/nvd-index
collector/nvd-api
agent/author
agent/type
agent/softwarecombine
agent/weakness
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-38791
agent/software-canonical-lookup
agent/trending
vendor/mariadb
canonical/mariadb mariadb
version/mariadb mariadb/10.3.0
version/mariadb mariadb/10.4.0
version/mariadb mariadb/10.5.0
version/mariadb mariadb/10.6.0
version/mariadb mariadb/10.7.0
version/mariadb mariadb/10.8.0
version/mariadb mariadb/10.9.1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36
version/fedoraproject fedora/37
package-manager/redhat