CVE-2022-21540
First published: Tue Jul 19 2022(Updated: )
A flaw was found in the way the Hotspot component of OpenJDK generated class code. An untrusted Java application or applet could potentially use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.21+9-1 | |
| debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.8+7-1~deb12u1 17.0.9+9-1 | |
| debian/openjdk-8 | 8u392-ga-1 | |
| IBM Cloud Transformation Advisor | <=2.0.1 - 3.3.1 | |
| Oracle GraalVM | =20.3.6 | |
| Oracle GraalVM | =21.3.2 | |
| Oracle GraalVM | =22.1.0 | |
| Oracle JDK | =1.7.0-update343 | |
| Oracle JDK | =1.8.0-update333 | |
| Oracle JDK | =11.0.15.1 | |
| Oracle JDK | =17.0.3.1 | |
| Oracle JDK | =18.0.1.1 | |
| Oracle JRE | =1.7.0-update343 | |
| Oracle JRE | =1.8.0-update333 | |
| Oracle JRE | =11.0.15.1 | |
| Oracle JRE | =17.0.3.1 | |
| Oracle JRE | =18.0.1.1 | |
| Oracle OpenJDK | >=11<=11.0.15 | |
| Oracle OpenJDK | >=13<=13.0.11 | |
| Oracle OpenJDK | >=15<=15.0.7 | |
| Oracle OpenJDK | >=17<=17.0.3 | |
| Oracle OpenJDK | =7 | |
| Oracle OpenJDK | =7-update1 | |
| Oracle OpenJDK | =7-update10 | |
| Oracle OpenJDK | =7-update101 | |
| Oracle OpenJDK | =7-update11 | |
| Oracle OpenJDK | =7-update111 | |
| Oracle OpenJDK | =7-update121 | |
| Oracle OpenJDK | =7-update13 | |
| Oracle OpenJDK | =7-update131 | |
| Oracle OpenJDK | =7-update141 | |
| Oracle OpenJDK | =7-update15 | |
| Oracle OpenJDK | =7-update151 | |
| Oracle OpenJDK | =7-update161 | |
| Oracle OpenJDK | =7-update17 | |
| Oracle OpenJDK | =7-update171 | |
| Oracle OpenJDK | =7-update181 | |
| Oracle OpenJDK | =7-update191 | |
| Oracle OpenJDK | =7-update2 | |
| Oracle OpenJDK | =7-update201 | |
| Oracle OpenJDK | =7-update21 | |
| Oracle OpenJDK | =7-update211 | |
| Oracle OpenJDK | =7-update221 | |
| Oracle OpenJDK | =7-update231 | |
| Oracle OpenJDK | =7-update241 | |
| Oracle OpenJDK | =7-update25 | |
| Oracle OpenJDK | =7-update251 | |
| Oracle OpenJDK | =7-update261 | |
| Oracle OpenJDK | =7-update271 | |
| Oracle OpenJDK | =7-update281 | |
| Oracle OpenJDK | =7-update291 | |
| Oracle OpenJDK | =7-update3 | |
| Oracle OpenJDK | =7-update301 | |
| Oracle OpenJDK | =7-update311 | |
| Oracle OpenJDK | =7-update321 | |
| Oracle OpenJDK | =7-update4 | |
| Oracle OpenJDK | =7-update40 | |
| Oracle OpenJDK | =7-update45 | |
| Oracle OpenJDK | =7-update5 | |
| Oracle OpenJDK | =7-update51 | |
| Oracle OpenJDK | =7-update55 | |
| Oracle OpenJDK | =7-update6 | |
| Oracle OpenJDK | =7-update60 | |
| Oracle OpenJDK | =7-update65 | |
| Oracle OpenJDK | =7-update67 | |
| Oracle OpenJDK | =7-update7 | |
| Oracle OpenJDK | =7-update72 | |
| Oracle OpenJDK | =7-update76 | |
| Oracle OpenJDK | =7-update80 | |
| Oracle OpenJDK | =7-update85 | |
| Oracle OpenJDK | =7-update9 | |
| Oracle OpenJDK | =7-update91 | |
| Oracle OpenJDK | =7-update95 | |
| Oracle OpenJDK | =7-update97 | |
| Oracle OpenJDK | =7-update99 | |
| Oracle OpenJDK | =8 | |
| Oracle OpenJDK | =8-milestone1 | |
| Oracle OpenJDK | =8-milestone2 | |
| Oracle OpenJDK | =8-milestone3 | |
| Oracle OpenJDK | =8-milestone4 | |
| Oracle OpenJDK | =8-milestone5 | |
| Oracle OpenJDK | =8-milestone6 | |
| Oracle OpenJDK | =8-milestone7 | |
| Oracle OpenJDK | =8-milestone8 | |
| Oracle OpenJDK | =8-milestone9 | |
| Oracle OpenJDK | =8-update101 | |
| Oracle OpenJDK | =8-update102 | |
| Oracle OpenJDK | =8-update11 | |
| Oracle OpenJDK | =8-update111 | |
| Oracle OpenJDK | =8-update112 | |
| Oracle OpenJDK | =8-update121 | |
| Oracle OpenJDK | =8-update131 | |
| Oracle OpenJDK | =8-update141 | |
| Oracle OpenJDK | =8-update151 | |
| Oracle OpenJDK | =8-update152 | |
| Oracle OpenJDK | =8-update161 | |
| Oracle OpenJDK | =8-update162 | |
| Oracle OpenJDK | =8-update171 | |
| Oracle OpenJDK | =8-update172 | |
| Oracle OpenJDK | =8-update181 | |
| Oracle OpenJDK | =8-update191 | |
| Oracle OpenJDK | =8-update192 | |
| Oracle OpenJDK | =8-update20 | |
| Oracle OpenJDK | =8-update201 | |
| Oracle OpenJDK | =8-update202 | |
| Oracle OpenJDK | =8-update211 | |
| Oracle OpenJDK | =8-update212 | |
| Oracle OpenJDK | =8-update221 | |
| Oracle OpenJDK | =8-update222 | |
| Oracle OpenJDK | =8-update231 | |
| Oracle OpenJDK | =8-update232 | |
| Oracle OpenJDK | =8-update241 | |
| Oracle OpenJDK | =8-update242 | |
| Oracle OpenJDK | =8-update25 | |
| Oracle OpenJDK | =8-update252 | |
| Oracle OpenJDK | =8-update262 | |
| Oracle OpenJDK | =8-update271 | |
| Oracle OpenJDK | =8-update281 | |
| Oracle OpenJDK | =8-update282 | |
| Oracle OpenJDK | =8-update291 | |
| Oracle OpenJDK | =8-update301 | |
| Oracle OpenJDK | =8-update302 | |
| Oracle OpenJDK | =8-update31 | |
| Oracle OpenJDK | =8-update312 | |
| Oracle OpenJDK | =8-update322 | |
| Oracle OpenJDK | =8-update332 | |
| Oracle OpenJDK | =8-update40 | |
| Oracle OpenJDK | =8-update45 | |
| Oracle OpenJDK | =8-update5 | |
| Oracle OpenJDK | =8-update51 | |
| Oracle OpenJDK | =8-update60 | |
| Oracle OpenJDK | =8-update65 | |
| Oracle OpenJDK | =8-update66 | |
| Oracle OpenJDK | =8-update71 | |
| Oracle OpenJDK | =8-update72 | |
| Oracle OpenJDK | =8-update73 | |
| Oracle OpenJDK | =8-update74 | |
| Oracle OpenJDK | =8-update77 | |
| Oracle OpenJDK | =8-update91 | |
| Oracle OpenJDK | =8-update92 | |
| Oracle OpenJDK | =18 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Secure Agent | ||
| Netapp Hci Management Node | ||
| NetApp OnCommand Insight | ||
| Netapp Solidfire | ||
| Netapp Hci Compute Node | ||
| Azul Zulu | =6.47 | |
| Azul Zulu | =7.54 | |
| Azul Zulu | =8.62 | |
| Azul Zulu | =11.56 | |
| Azul Zulu | =13.48 | |
| Azul Zulu | =15.40 | |
| Azul Zulu | =17.34 | |
| Azul Zulu | =18.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2022-21540
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.debian.org/security/2022/dsa-5188
- https://www.debian.org/security/2022/dsa-5192
- https://security.netapp.com/advisory/ntap-20220729-0009/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
- https://security.gentoo.org/glsa/202401-25
- https://exchange.xforce.ibmcloud.com/vulnerabilities/231567
- https://www.ibm.com/support/pages/node/6846257 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
- https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351
- https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html
- https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html
- https://access.redhat.com/errata/RHSA-2022:5685
- https://access.redhat.com/errata/RHSA-2022:5684
- https://access.redhat.com/errata/RHSA-2022:5683
- https://access.redhat.com/errata/RHSA-2022:5681
- https://access.redhat.com/errata/RHSA-2022:5687
- https://access.redhat.com/errata/RHSA-2022:5695
- https://access.redhat.com/errata/RHSA-2022:5701
- https://access.redhat.com/errata/RHSA-2022:5697
- https://access.redhat.com/errata/RHSA-2022:5696
- https://access.redhat.com/errata/RHSA-2022:5700
- https://access.redhat.com/errata/RHSA-2022:5698
- https://access.redhat.com/errata/RHSA-2022:5709
- https://access.redhat.com/errata/RHSA-2022:5726
- https://access.redhat.com/errata/RHSA-2022:5736
- https://access.redhat.com/errata/RHSA-2022:5753
- https://access.redhat.com/errata/RHSA-2022:5754
- https://access.redhat.com/errata/RHSA-2022:5755
- https://access.redhat.com/errata/RHSA-2022:5756
- https://access.redhat.com/errata/RHSA-2022:5757
- https://access.redhat.com/errata/RHSA-2022:5758
- https://github.com/openjdk/jdk17u/commit/8be0fc09f0ba2dd1dbfd6627456fa929d5574b04
- https://github.com/openjdk/jdk11u/commit/6c0ba0785a2f0900be301f72764cf4dcfa720991
- https://github.com/openjdk/jdk8u/commit/1dafef08cc922ee85a8e216387100dc681a5484d
- https://access.redhat.com/security/cve/cve-2022-21540
- https://bugzilla.redhat.com/show_bug.cgi?id=2108540
- collector/security-tracker-debian
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/author
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21540
- package-manager/debian
- vendor/ibm
- canonical/ibm cloud transformation advisor
- version/ibm cloud transformation advisor/2.0.1 - 3.3.1
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.6
- version/oracle graalvm/21.3.2
- version/oracle graalvm/22.1.0
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update343
- version/oracle jdk/1.8.0-update333
- version/oracle jdk/11.0.15.1
- version/oracle jdk/17.0.3.1
- version/oracle jdk/18.0.1.1
- canonical/oracle jre
- version/oracle jre/1.7.0-update343
- version/oracle jre/1.8.0-update333
- version/oracle jre/11.0.15.1
- version/oracle jre/17.0.3.1
- version/oracle jre/18.0.1.1
- canonical/oracle openjdk
- version/oracle openjdk/11
- version/oracle openjdk/11.0.15
- version/oracle openjdk/13
- version/oracle openjdk/13.0.11
- version/oracle openjdk/15
- version/oracle openjdk/15.0.7
- version/oracle openjdk/17
- version/oracle openjdk/17.0.3
- version/oracle openjdk/7
- version/oracle openjdk/7-update1
- version/oracle openjdk/7-update10
- version/oracle openjdk/7-update101
- version/oracle openjdk/7-update11
- version/oracle openjdk/7-update111
- version/oracle openjdk/7-update121
- version/oracle openjdk/7-update13
- version/oracle openjdk/7-update131
- version/oracle openjdk/7-update141
- version/oracle openjdk/7-update15
- version/oracle openjdk/7-update151
- version/oracle openjdk/7-update161
- version/oracle openjdk/7-update17
- version/oracle openjdk/7-update171
- version/oracle openjdk/7-update181
- version/oracle openjdk/7-update191
- version/oracle openjdk/7-update2
- version/oracle openjdk/7-update201
- version/oracle openjdk/7-update21
- version/oracle openjdk/7-update211
- version/oracle openjdk/7-update221
- version/oracle openjdk/7-update231
- version/oracle openjdk/7-update241
- version/oracle openjdk/7-update25
- version/oracle openjdk/7-update251
- version/oracle openjdk/7-update261
- version/oracle openjdk/7-update271
- version/oracle openjdk/7-update281
- version/oracle openjdk/7-update291
- version/oracle openjdk/7-update3
- version/oracle openjdk/7-update301
- version/oracle openjdk/7-update311
- version/oracle openjdk/7-update321
- version/oracle openjdk/7-update4
- version/oracle openjdk/7-update40
- version/oracle openjdk/7-update45
- version/oracle openjdk/7-update5
- version/oracle openjdk/7-update51
- version/oracle openjdk/7-update55
- version/oracle openjdk/7-update6
- version/oracle openjdk/7-update60
- version/oracle openjdk/7-update65
- version/oracle openjdk/7-update67
- version/oracle openjdk/7-update7
- version/oracle openjdk/7-update72
- version/oracle openjdk/7-update76
- version/oracle openjdk/7-update80
- version/oracle openjdk/7-update85
- version/oracle openjdk/7-update9
- version/oracle openjdk/7-update91
- version/oracle openjdk/7-update95
- version/oracle openjdk/7-update97
- version/oracle openjdk/7-update99
- version/oracle openjdk/8
- version/oracle openjdk/8-milestone1
- version/oracle openjdk/8-milestone2
- version/oracle openjdk/8-milestone3
- version/oracle openjdk/8-milestone4
- version/oracle openjdk/8-milestone5
- version/oracle openjdk/8-milestone6
- version/oracle openjdk/8-milestone7
- version/oracle openjdk/8-milestone8
- version/oracle openjdk/8-milestone9
- version/oracle openjdk/8-update101
- version/oracle openjdk/8-update102
- version/oracle openjdk/8-update11
- version/oracle openjdk/8-update111
- version/oracle openjdk/8-update112
- version/oracle openjdk/8-update121
- version/oracle openjdk/8-update131
- version/oracle openjdk/8-update141
- version/oracle openjdk/8-update151
- version/oracle openjdk/8-update152
- version/oracle openjdk/8-update161
- version/oracle openjdk/8-update162
- version/oracle openjdk/8-update171
- version/oracle openjdk/8-update172
- version/oracle openjdk/8-update181
- version/oracle openjdk/8-update191
- version/oracle openjdk/8-update192
- version/oracle openjdk/8-update20
- version/oracle openjdk/8-update201
- version/oracle openjdk/8-update202
- version/oracle openjdk/8-update211
- version/oracle openjdk/8-update212
- version/oracle openjdk/8-update221
- version/oracle openjdk/8-update222
- version/oracle openjdk/8-update231
- version/oracle openjdk/8-update232
- version/oracle openjdk/8-update241
- version/oracle openjdk/8-update242
- version/oracle openjdk/8-update25
- version/oracle openjdk/8-update252
- version/oracle openjdk/8-update262
- version/oracle openjdk/8-update271
- version/oracle openjdk/8-update281
- version/oracle openjdk/8-update282
- version/oracle openjdk/8-update291
- version/oracle openjdk/8-update301
- version/oracle openjdk/8-update302
- version/oracle openjdk/8-update31
- version/oracle openjdk/8-update312
- version/oracle openjdk/8-update322
- version/oracle openjdk/8-update332
- version/oracle openjdk/8-update40
- version/oracle openjdk/8-update45
- version/oracle openjdk/8-update5
- version/oracle openjdk/8-update51
- version/oracle openjdk/8-update60
- version/oracle openjdk/8-update65
- version/oracle openjdk/8-update66
- version/oracle openjdk/8-update71
- version/oracle openjdk/8-update72
- version/oracle openjdk/8-update73
- version/oracle openjdk/8-update74
- version/oracle openjdk/8-update77
- version/oracle openjdk/8-update91
- version/oracle openjdk/8-update92
- version/oracle openjdk/18
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud secure agent
- canonical/netapp hci management node
- canonical/netapp oncommand insight
- canonical/netapp solidfire
- canonical/netapp hci compute node
- vendor/azul
- canonical/azul zulu
- version/azul zulu/6.47
- version/azul zulu/7.54
- version/azul zulu/8.62
- version/azul zulu/11.56
- version/azul zulu/13.48
- version/azul zulu/15.40
- version/azul zulu/17.34
- version/azul zulu/18.30