CVE-2024-21212

4.4 MEDIUM

📋 TL;DR

This vulnerability in Oracle MySQL Server's Health Monitor component allows high-privileged attackers with network access to cause denial of service by crashing or hanging the server. Affected versions include MySQL 8.0.39 and earlier, plus 8.4.0. Exploitation requires specific conditions, making it difficult to execute.

💻 Affected Systems

Products:
  • Oracle MySQL Server
Versions: 8.0.39 and prior, 8.4.0
Operating Systems: All platforms running affected MySQL versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Health Monitor component to be active and attacker to have high privileges (PR:H).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete MySQL server outage causing application downtime and data unavailability until service restoration.

🟠 Likely Case

Intermittent service disruptions requiring manual intervention to restart MySQL processes.

🟢 If Mitigated

Minimal impact due to network segmentation and privilege restrictions limiting attack surface.

🌐 Internet-Facing: LOW - Requires high privileges and complex exploitation even with network access.
🏢 Internal Only: MEDIUM - Internal attackers with administrative access could disrupt critical database services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Oracle describes it as 'difficult to exploit', requiring high privileges and specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.40 and later, 8.4.1 and later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2024.html

Restart Required: Yes

Instructions:

1. Download the latest MySQL patch from Oracle.
2. Back up databases.
3. Stop the MySQL service.
4. Apply the patch.
5. Restart the MySQL service.
6. Verify the version.

🔧 Temporary Workarounds

Restrict Network Access

Platform: Linux

Limit MySQL server access to trusted networks only

# Allow MySQL (3306/tcp) only from the trusted network; replace trusted_network with a CIDR such as 10.0.0.0/24
iptables -A INPUT -p tcp --dport 3306 -s trusted_network -j ACCEPT
# Drop everything else to the MySQL port (order matters: the DROP must come after the ACCEPT)
iptables -A INPUT -p tcp --dport 3306 -j DROP

Minimize Privileges

Platform: all

Reduce number of accounts with high privileges

-- Strip global privileges from an over-privileged account (this revokes global grants only; database-level grants need their own REVOKE)
REVOKE ALL PRIVILEGES ON *.* FROM 'admin'@'%';
-- Give the application account only the DML it needs on its own schema
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_user'@'%';

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate MySQL servers
  • Enforce principle of least privilege for all database accounts

🔍 How to Verify

Check if Vulnerable:

Run 'SELECT VERSION();' in MySQL and compare against affected versions

Check Version:

mysql -u root -p -e 'SELECT VERSION();'

Verify Fix Applied:

Confirm version is 8.0.40+ or 8.4.1+ using 'SELECT VERSION();'
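As an added check that is not part of this advisory, the script below classifies a `SELECT VERSION();` string against the ranges stated above (8.0.39 and prior, plus 8.4.0) and ignores distribution suffixes such as `-0ubuntu0.22.04.1`. It goes slightly beyond the text by reporting anything outside those two ranges (for example the 8.1 to 8.3 innovation releases) as not affected, because the advisory does not list them; the `query_server_version` helper and the sample strings in `__main__` are constructed for illustration.

```python
"""Check a MySQL Server version string against the CVE-2024-21212 affected ranges."""
import re
import subprocess

# Ranges as stated in the advisory: 8.0.39 and prior, plus 8.4.0 exactly.
LAST_AFFECTED_80 = (8, 0, 39)
AFFECTED_EXACT = {(8, 4, 0)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from SELECT VERSION() output.

    Suffixes such as '-0ubuntu0.22.04.1' or '-commercial' are ignored.
    Raises ValueError when the string does not start with x.y.z.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected ranges."""
    v = parse_version(version)
    return v <= LAST_AFFECTED_80 or v in AFFECTED_EXACT


def query_server_version(user: str = "root") -> str:
    """Ask a local server for its version via the mysql CLI (prompts for a password).

    -N suppresses the column header and -s gives bare output, so stdout is the version string.
    """
    out = subprocess.run(
        ["mysql", "-u", user, "-p", "-N", "-s", "-e", "SELECT VERSION();"],
        check=True, capture_output=True, text=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample outputs, not taken from a real server.
    for sample in ("8.0.39-0ubuntu0.22.04.1", "8.0.40", "8.4.0", "8.4.1-commercial"):
        state = "AFFECTED" if is_affected(sample) else "fixed"
        print(f"{sample:28} {state}")
```

To check a live server, replace the sample loop with `print(is_affected(query_server_version()))` and supply credentials for an account that can run SELECT VERSION().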

📡 Detection & Monitoring

Log Indicators:

  • Unexpected MySQL crashes
  • Health Monitor process failures
  • Connection resets from privileged accounts

Network Indicators:

  • Multiple connection attempts from single privileged source
  • Unusual protocol traffic to MySQL

SIEM Query:

source="mysql.log" ("crash" OR "hang" OR "segfault") AND (user="root" OR user="admin")
