CVE-2022-24050
HIGHMariaDB CONNECT Storage Engine - Privilege Escalation
Title source: llmDescription
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
References (6)
Core 6
Core References
Patch, Vendor Advisory x_refsource_misc
https://mariadb.com/kb/en/security/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-22-364/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220318-0004/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ4KDAGF3H4D4BDTHRAM6ZEAJJWWMRUO/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZFZVMJL5UDTOZMARLXQIMG3BTG6UNYW/
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
21.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (5)
fedoraproject/fedora
34
fedoraproject/fedora
35
fedoraproject/fedora
36
mariadb/mariadb
10.8.0
mariadb/mariadb
10.2.0 - 10.2.42
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026