REDHAT-BUG-2257859
First published: Thu Jan 11 2024(Updated: )
A flaw was found in the loop optimizations performed by the Hotspot component of OpenJDK when generating range check predicates. An untrusted Java application or applet could use this flaw to corrupt JVM memory and cause it to crash or, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Build of OpenJDK with Hotspot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:0249
- https://access.redhat.com/errata/RHSA-2024:0225
- https://access.redhat.com/errata/RHSA-2024:0234
- https://access.redhat.com/errata/RHSA-2024:0241
- https://access.redhat.com/errata/RHSA-2024:0222
- https://access.redhat.com/errata/RHSA-2024:0230
- https://access.redhat.com/errata/RHSA-2024:0231
- https://access.redhat.com/errata/RHSA-2024:0239
- https://access.redhat.com/errata/RHSA-2024:0246
- https://access.redhat.com/errata/RHSA-2024:0240
- https://access.redhat.com/errata/RHSA-2024:0247
- https://access.redhat.com/errata/RHSA-2024:0250
- https://access.redhat.com/errata/RHSA-2024:0224
- https://access.redhat.com/errata/RHSA-2024:0223
- https://access.redhat.com/errata/RHSA-2024:0232
- https://access.redhat.com/errata/RHSA-2024:0226
- https://access.redhat.com/errata/RHSA-2024:0233
- https://access.redhat.com/errata/RHSA-2024:0235
- https://access.redhat.com/errata/RHSA-2024:0265
- https://access.redhat.com/errata/RHSA-2024:0267
- https://access.redhat.com/errata/RHSA-2024:0228
- https://access.redhat.com/errata/RHSA-2024:0242
- https://access.redhat.com/errata/RHSA-2024:0237
- https://access.redhat.com/errata/RHSA-2024:0244
- https://access.redhat.com/errata/RHSA-2024:0248
- https://access.redhat.com/errata/RHSA-2024:0266
- https://github.com/openjdk/jdk8u/commit/f7cb28de01117f598ecf48ad58e277c3a4590436
- https://github.com/openjdk/jdk11u/commit/e059fc7575a8c450a5ed227651a00ebc355e3a46
- https://github.com/openjdk/jdk17u/commit/c5723c0948c902491f52a4ec9bb57c3f93552a0c
- https://github.com/openjdk/jdk21u/commit/10ccbebc8f60553325179d11267370e0028cbfa4
- https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u401-relnotes.html
- https://www.oracle.com/java/technologies/javase/8u401-perf-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-22-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-10-relnotes.html
- https://www.oracle.com/java/technologies/javase/21-0-2-relnotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2257859
Frequently Asked Questions
What is the severity of REDHAT-BUG-2257859?
The severity of REDHAT-BUG-2257859 is critical due to the potential for arbitrary code execution.
How do I fix REDHAT-BUG-2257859?
To fix REDHAT-BUG-2257859, update to the latest version of OpenJDK Hotspot that includes the patch.
What are the risks of not addressing REDHAT-BUG-2257859?
Not addressing REDHAT-BUG-2257859 may result in JVM memory corruption, application crashes, and possible security breaches.
Which versions of OpenJDK Hotspot are affected by REDHAT-BUG-2257859?
REDHAT-BUG-2257859 affects multiple versions of OpenJDK Hotspot, particularly those prior to the designated patches.
Can REDHAT-BUG-2257859 be exploited remotely?
Yes, REDHAT-BUG-2257859 can potentially be exploited remotely by untrusted Java applications or applets.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-20921
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/microsoft build of openjdk with hotspot