mariadb: fix CVE-2025-21490

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior
and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized ability to
cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-21490
https://security-tracker.debian.org/tracker/CVE-2025-21490

Upstream-patch:
https://github.com/MariaDB/server/commit/82310f926b7c6547f25dd80e4edf3f38b22913e5

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Divya Chellam
2025-10-24 17:56:22 +05:30
committed by Gyorgy Sarvari
parent 9f802bd1a3
commit 63bb7a478e
2 changed files with 97 additions and 0 deletions
+1
@@ -33,6 +33,7 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \
file://CVE-2024-21096-0003.patch \
file://CVE-2024-21096-0004.patch \
file://CVE-2024-21096-0005.patch \
file://CVE-2025-21490.patch \
"
SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch"
@@ -0,0 +1,96 @@
From 82310f926b7c6547f25dd80e4edf3f38b22913e5 Mon Sep 17 00:00:00 2001
From: Marko Mäkelä <marko.makela@mariadb.com>
Date: Wed, 22 Jan 2025 17:22:07 +0200
Subject: [PATCH] MDEV-29182 Assertion fld->field_no < table->n_v_def failed on
cascade
row_ins_cascade_calc_update_vec(): Skip any virtual columns in the
update vector of the parent table.
Based on mysql/mysql-server@0ac176453bfef7fb1fdfa70af74618c32910181c
Reviewed by: Debarun Banerjee
CVE: CVE-2025-21490
Upstream-Status: Backport [https://github.com/MariaDB/server/commit/82310f926b7c6547f25dd80e4edf3f38b22913e5]
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
mysql-test/suite/innodb/r/foreign_key.result | 17 +++++++++++++++++
mysql-test/suite/innodb/t/foreign_key.test | 15 +++++++++++++++
storage/innobase/row/row0ins.cc | 4 +++-
3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/mysql-test/suite/innodb/r/foreign_key.result b/mysql-test/suite/innodb/r/foreign_key.result
index acf021db..6348e7a1 100644
--- a/mysql-test/suite/innodb/r/foreign_key.result
+++ b/mysql-test/suite/innodb/r/foreign_key.result
@@ -982,6 +982,23 @@ t2 CREATE TABLE `t2` (
CONSTRAINT `t2_ibfk_1` FOREIGN KEY (`a`) REFERENCES `t1` (`a`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci
drop tables t2, t1;
+#
+# MDEV-29182 Assertion fld->field_no < table->n_v_def failed on cascade
+#
+CREATE TABLE t1(a INT PRIMARY KEY, b VARCHAR(3), c INT AS (LENGTH(b)) VIRTUAL,
+INDEX(c)) ENGINE=InnoDB;
+CREATE TABLE t2(a INT REFERENCES t1(a) ON UPDATE CASCADE,
+b INT GENERATED ALWAYS AS(a) VIRTUAL, INDEX(b)) ENGINE=InnoDB;
+INSERT INTO t1 SET a=1,b='fu';
+INSERT INTO t2 SET a=1;
+UPDATE t1 SET a=2,b='bar';
+SELECT * FROM t1;
+a b c
+2 bar 3
+SELECT * FROM t2;
+a b
+2 2
+DROP TABLE t2,t1;
# End of 10.5 tests
#
# MDEV-26554 Table-rebuilding DDL on parent table causes crash
diff --git a/mysql-test/suite/innodb/t/foreign_key.test b/mysql-test/suite/innodb/t/foreign_key.test
index 4b047ea4..45205cce 100644
--- a/mysql-test/suite/innodb/t/foreign_key.test
+++ b/mysql-test/suite/innodb/t/foreign_key.test
@@ -1007,6 +1007,21 @@ alter table t2 add foreign key(a) references t1;
show create table t2;
drop tables t2, t1;
+
+--echo #
+--echo # MDEV-29182 Assertion fld->field_no < table->n_v_def failed on cascade
+--echo #
+CREATE TABLE t1(a INT PRIMARY KEY, b VARCHAR(3), c INT AS (LENGTH(b)) VIRTUAL,
+ INDEX(c)) ENGINE=InnoDB;
+CREATE TABLE t2(a INT REFERENCES t1(a) ON UPDATE CASCADE,
+ b INT GENERATED ALWAYS AS(a) VIRTUAL, INDEX(b)) ENGINE=InnoDB;
+INSERT INTO t1 SET a=1,b='fu';
+INSERT INTO t2 SET a=1;
+UPDATE t1 SET a=2,b='bar';
+SELECT * FROM t1;
+SELECT * FROM t2;
+DROP TABLE t2,t1;
+
--echo # End of 10.5 tests
--echo #
diff --git a/storage/innobase/row/row0ins.cc b/storage/innobase/row/row0ins.cc
index 8385bcae..0d8ae8aa 100644
--- a/storage/innobase/row/row0ins.cc
+++ b/storage/innobase/row/row0ins.cc
@@ -483,7 +483,9 @@ row_ins_cascade_calc_update_vec(
const upd_field_t* parent_ufield
= &parent_update->fields[j];
- if (parent_ufield->field_no == parent_field_no) {
+ if (parent_ufield->field_no == parent_field_no
+ && !(parent_ufield->new_val.type.prtype
+ & DATA_VIRTUAL)) {
ulint min_size;
const dict_col_t* col;
--
2.40.0
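Review bot: The new `&& !(parent_ufield->new_val.type.prtype & DATA_VIRTUAL)` test in the storage/innobase/row/row0ins.cc hunk has no comment saying why virtual-column entries must be skipped, and the reason is not evident from the line itself. Going by the MDEV-29182 assertion text (`fld->field_no < table->n_v_def`), a virtual column's `field_no` appears to be counted separately from the stored columns, so the bare `field_no == parent_field_no` comparison can pick the wrong entry of the parent update vector. A one-line comment above the condition would record that, e.g. `/* field_no of a virtual column indexes the virtual columns, not the stored ones; never match it against parent_field_no (MDEV-29182) */`. Since this file is a verbatim backport, the comment is better proposed upstream than edited into the carried patch; row_ins_cascade_calc_update_vec() starts and ends outside the hunk.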