CVE-2024-21157 – This vulnerability in MySQL Server's InnoDB com... (How to Fix)

📋 TL;DR

This vulnerability in MySQL Server's InnoDB component allows authenticated high-privileged attackers to cause a denial of service by crashing or hanging the server. It affects MySQL Server versions 8.0.36 and earlier, and 8.4.0 and earlier. Attackers need network access and high privileges to exploit this vulnerability.

💻 Affected Systems

Products:

Oracle MySQL Server

Versions: 8.0.36 and prior, 8.4.0 and prior

Operating Systems: All platforms running affected MySQL versions

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker with high privileges (PR:H in CVSS) and network access via multiple protocols

📦 What is this software?

Mysql by Oracle

View all CVEs affecting Mysql →

Mysql by Oracle

View all CVEs affecting Mysql →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete MySQL Server outage causing service disruption for all dependent applications

🟠

Likely Case

Targeted DoS attacks against critical MySQL instances by malicious insiders or compromised admin accounts

🟢

If Mitigated

Limited impact due to proper privilege separation and network segmentation

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Oracle describes as 'easily exploitable' but requires high privileged attacker credentials

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.37 and later, 8.4.1 and later

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html

Restart Required: Yes

Instructions:

1. Download latest MySQL patch from Oracle
2. Backup databases and configuration
3. Stop MySQL service
4. Apply patch/upgrade
5. Restart MySQL service
6. Verify functionality

🔧 Temporary Workarounds

Restrict network access

all

Limit MySQL server exposure to only trusted networks and applications

Configure firewall rules to restrict MySQL port (default 3306) access

Principle of least privilege

all

Minimize accounts with high privileges and implement role-based access control

REVOKE unnecessary privileges from MySQL users
CREATE ROLE minimal_privileges; GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO minimal_privileges;

🧯 If You Can't Patch

Implement strict network segmentation to isolate MySQL servers from untrusted networks
Enhance monitoring for unusual admin account activity and failed authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check MySQL version: SELECT VERSION(); If version is 8.0.36 or earlier, or 8.4.0 or earlier, system is vulnerable

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

After patching, verify version is 8.0.37+ or 8.4.1+ and monitor for stability

📡 Detection & Monitoring

Log Indicators:

Unexpected MySQL crashes or hangs
Multiple failed connection attempts from admin accounts
Error logs showing InnoDB component failures

Network Indicators:

Unusual traffic patterns to MySQL port from unexpected sources
Multiple rapid connections from single admin account

SIEM Query:

source="mysql.log" ("crash" OR "hang" OR "shutdown") AND component="InnoDB"

📊 Metadata

CVE ID: CVE-2024-21157

CVSS v3 Score: 4.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Published: July 16, 2024

Last Updated: November 21, 2024

🔗 References

https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory
https://security.netapp.com/advisory/ntap-20240731-0008/
https://www.oracle.com/security-alerts/cpujul2024.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON