CVE-2021-2402: 
MySQL vulnerability analysis and mitigation

CVE-2021-2402 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Locking component. The vulnerability affects MySQL versions 8.0.25 and prior. This security issue was disclosed in July 2021 as part of Oracle's Critical Patch Update (Oracle Advisory).

The vulnerability is classified as an easily exploitable security flaw that requires high privileged attacker access with network access via multiple protocols to compromise MySQL Server. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.9 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. The vulnerability only affects the availability of the system, with no direct impact on confidentiality or integrity (Oracle Advisory).

Oracle has released patches for this vulnerability in MySQL version 8.0.26. Users are strongly recommended to update to this version or later to address the security issue. The fix has been included in various distribution updates, including Ubuntu's MySQL packages 8.0.26-0ubuntu0.21.04.3 for Ubuntu 21.04 and 8.0.26-0ubuntu0.20.04.2 for Ubuntu 20.04 (Ubuntu Notice).