{"id":"CVE-2022-38791","details":"In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.","aliases":["BIT-mariadb-2022-38791","BIT-mariadb-min-2022-38791","BIT-mysql-client-2022-38791"],"modified":"2026-04-12T01:27:55.136334Z","published":"2022-08-27T20:15:08.290Z","related":["ALSA-2023:5259","ALSA-2023:5683","ALSA-2023:5684","SUSE-RU-2022:3855-1","SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2022:3391-1","SUSE-SU-2023:0631-1","openSUSE-SU-2024:12360-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WCOEGSVMIEXDZHBOSV6WVF7FAVRBR2JE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTVAONAZXJFGHAJ4RP2OF3EAMQCOTDSQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZHISY4YVO4S5QJYYIXCIAXBM7INOL4VY/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221104-0008/"},{"type":"REPORT","url":"https://jira.mariadb.org/browse/MDEV-28719"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"20ae591abd0bfe1bfaee546989ee163f4ef832b1"},{"fixed":"faddcf3c395da640b760c3f701f5bc1f3baae6c4"},{"introduced":"c761b43451d54eeeecdf3c102906fcce88d4e9d9"},{"fixed":"65e8506ca9d03967191b6ed207cf107d311f7f99"},{"introduced":"7c7f9bef28aa566557da31402142f6dd8298ddd2"},{"fixed":"1ac0bce36e5bf2136cedb1ce1da949f53cce4404"},{"introduced":"1a647b700f6b72dc97211510a5d0c647d5d3d911"},{"fixed":"b8f6d315fe4fe62ef73f6fb4f45e004fcedec20c"},{"introduced":"0"},{"fixed":"98d7ac1fbe2d61c0d21e2c22808ef808f29c0827"},{"introduced":"0"},{"fixed":"6ffbc0e510cdaafe0494acd04e48d1f44727e86a"},{"introduced":"0"},{"last_affected":"bf2bdd1a1a112c3bbdf53da7a663a59fafa62c7d"}],"database_specific":{"versions":[{"introduced":"10.3.0"},{"fixed":"10.3.36"},{"introduced":"10.4.0"},{"fixed":"10.4.26"},{"introduced":"10.5.0"},{"fixed":"10.5.17"},{"introduced":"10.6.0"},{"fixed":"10.6.9"},{"introduced":"10.7.0"},{"fixed":"10.7.5"},{"introduced":"10.8.0"},{"fixed":"10.8.4"},{"introduced":"0"},{"last_affected":"10.9.1"}]}}],"versions":["mariadb-10.3.0","mariadb-10.3.1","mariadb-10.3.10","mariadb-10.3.12","mariadb-10.3.16","mariadb-10.3.17","mariadb-10.3.18","mariadb-10.3.19","mariadb-10.3.2","mariadb-10.3.20","mariadb-10.3.21","mariadb-10.3.26","mariadb-10.3.30","mariadb-10.3.31","mariadb-10.3.33","mariadb-10.3.35","mariadb-10.3.4","mariadb-10.3.5","mariadb-10.3.6","mariadb-10.3.7","mariadb-10.4.10","mariadb-10.4.11","mariadb-10.4.20","mariadb-10.4.21","mariadb-10.4.22","mariadb-10.4.23","mariadb-10.4.25","mariadb-10.4.3","mariadb-10.4.4","mariadb-10.4.5","mariadb-10.4.7","mariadb-10.4.9","mariadb-10.5.0","mariadb-10.5.11","mariadb-10.5.12","mariadb-10.5.13","mariadb-10.5.14","mariadb-10.5.16","mariadb-10.5.2","mariadb-10.5.4","mariadb-10.6.0","mariadb-10.6.1","mariadb-10.6.2","mariadb-10.6.3","mariadb-10.6.4","mariadb-10.6.5","mariadb-10.6.6","mariadb-10.6.8","mariadb-10.7.1","mariadb-10.7.2","mariadb-10.7.4","mariadb-10.8.1","mariadb-10.8.3","mariadb-10.9.1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T01:27:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38791.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"36"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}],"vanir_signatures":[{"id":"CVE-2022-38791-bab28f5d","signature_type":"Function","source":"https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4","signature_version":"v1","digest":{"length":1094,"function_hash":"96567548985656349046472553596954460768"},"target":{"file":"sql/strfunc.cc","function":"find_set"},"deprecated":false},{"id":"CVE-2022-38791-ee10862f","signature_type":"Line","source":"https://github.com/mariadb/server/commit/faddcf3c395da640b760c3f701f5bc1f3baae6c4","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["271363707396860767418283350345897486504","120596951573328682502907908502941671745","115421961338400510566446524145876737974","64074615696916198601226435566349591945"]},"target":{"file":"sql/strfunc.cc"},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}