CVE-2022-31622: 
MariaDB Server vulnerability analysis and mitigation

CVE-2022-31622 is a security vulnerability in MariaDB that involves improper locking in the ds_compress.cc file. The vulnerability was discovered in MariaDB versions prior to 10.7 and affects the mariabackup component. The issue was identified and fixed in multiple MariaDB versions including 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, and 10.7.2 (MariaDB JIRA).

The vulnerability occurs in the create_worker_threads method within extra/mariabackup/ds_compress.cc file, where a lock (thd->ctrl_mutex) is not properly released when an error occurs during pthread_create. This improper locking mechanism could lead to a deadlock situation when pthread_create returns a nonzero value (GitHub Commit). The vulnerability has been assigned a CVSS score of 5.5 (MEDIUM) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NetApp Security).

The successful exploitation of this vulnerability could lead to a Denial of Service (DoS) condition due to the unreleased lock in the system (NetApp Security).

The vulnerability has been fixed in MariaDB versions 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, and 10.7.2. The fix involves adding a proper mutex unlock call in the error handling path of the create_worker_threads function (Red Hat Advisory).