REDHAT-BUG-2108543
First published: Tue Jul 19 2022(Updated: )
It was discovered that the Hotspot component of OpenJDK did not properly restrict access to the invokeBasic() method of the MethodHandle class. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Build of OpenJDK with Hotspot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351
- https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html
- https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html
- https://access.redhat.com/errata/RHSA-2022:5685
- https://access.redhat.com/errata/RHSA-2022:5684
- https://access.redhat.com/errata/RHSA-2022:5683
- https://access.redhat.com/errata/RHSA-2022:5681
- https://access.redhat.com/errata/RHSA-2022:5687
- https://access.redhat.com/errata/RHSA-2022:5695
- https://access.redhat.com/errata/RHSA-2022:5701
- https://access.redhat.com/errata/RHSA-2022:5697
- https://access.redhat.com/errata/RHSA-2022:5696
- https://access.redhat.com/errata/RHSA-2022:5700
- https://access.redhat.com/errata/RHSA-2022:5698
- https://access.redhat.com/errata/RHSA-2022:5709
- https://access.redhat.com/errata/RHSA-2022:5726
- https://access.redhat.com/errata/RHSA-2022:5736
- https://access.redhat.com/errata/RHSA-2022:5753
- https://access.redhat.com/errata/RHSA-2022:5754
- https://access.redhat.com/errata/RHSA-2022:5755
- https://access.redhat.com/errata/RHSA-2022:5756
- https://access.redhat.com/errata/RHSA-2022:5757
- https://access.redhat.com/errata/RHSA-2022:5758
- https://github.com/openjdk/jdk17u/commit/860464e46105b98ccf21e98abe2dc6e80155887c
- https://github.com/openjdk/jdk11u/commit/132745902a4601dc64b2c8ca112ca30292feccb4
- https://github.com/openjdk/jdk8u/commit/f14e35d20e1a4d0f507f05838844152f2242c6d3
- https://access.redhat.com/security/cve/cve-2022-21541
- https://bugzilla.redhat.com/show_bug.cgi?id=2108543
Frequently Asked Questions
What is the severity of REDHAT-BUG-2108543?
REDHAT-BUG-2108543 is considered a critical vulnerability because it allows untrusted applications to bypass Java sandbox restrictions.
How do I fix REDHAT-BUG-2108543?
To fix REDHAT-BUG-2108543, update OpenJDK Hotspot to the latest patched version that addresses this vulnerability.
Which versions of OpenJDK Hotspot are affected by REDHAT-BUG-2108543?
REDHAT-BUG-2108543 affects multiple versions of OpenJDK Hotspot, specifically those that do not implement proper restrictions on the invokeBasic() method.
Can REDHAT-BUG-2108543 lead to remote code execution?
Yes, REDHAT-BUG-2108543 can potentially allow an attacker to execute arbitrary code on a user's machine by bypassing the Java sandbox.
Is it safe to run untrusted Java applications with REDHAT-BUG-2108543 present?
No, running untrusted Java applications with REDHAT-BUG-2108543 present poses significant security risks due to the vulnerability's ability to circumvent safety measures.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21541
- agent/references
- agent/last-modified-date
- agent/severity
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/microsoft build of openjdk with hotspot