REDHAT-BUG-2275003: Integer Overflow
First published: Sun Apr 14 2024(Updated: )
It was discovered that the C1 compiler in the Hotspot component of OpenJDK did not correctly apply an unsigned integer left shift to calculate the actual address offset under certain conditions. This could lead to an integer overflow and out-of-bounds array access, potentially corrupting the JVM memory.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Build of OpenJDK with Hotspot |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:1817
- https://access.redhat.com/errata/RHSA-2024:1816
- https://access.redhat.com/errata/RHSA-2024:1815
- https://access.redhat.com/errata/RHSA-2024:1820
- https://access.redhat.com/errata/RHSA-2024:1824
- https://access.redhat.com/errata/RHSA-2024:1823
- https://access.redhat.com/errata/RHSA-2024:1827
- https://access.redhat.com/errata/RHSA-2024:1825
- https://access.redhat.com/errata/RHSA-2024:1818
- https://access.redhat.com/errata/RHSA-2024:1826
- https://access.redhat.com/errata/RHSA-2024:1828
- https://access.redhat.com/errata/RHSA-2024:1819
- https://access.redhat.com/errata/RHSA-2024:1821
- https://access.redhat.com/errata/RHSA-2024:1822
- https://github.com/openjdk/jdk21u/commit/517bd93d019ceeae9c10460b709b54581f4f48ed
- https://github.com/openjdk/jdk17u/commit/07873cca21dc961f5f303422340fc0a3c2d68f0d
- https://github.com/openjdk/jdk11u/commit/a57f289f7d581f1b014899db582b17d3c020ddbc
- https://github.com/openjdk/jdk8u/commit/97be54783b8e5464dcb9796c1714e8b69c106409
- https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u411-relnotes.html
- https://www.oracle.com/java/technologies/javase/8u411-perf-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-23-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-11-relnotes.html
- https://www.oracle.com/java/technologies/javase/21-0-3-relnotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2275003
Frequently Asked Questions
What is the severity of REDHAT-BUG-2275003?
REDHAT-BUG-2275003 has a high severity rating due to the potential for integer overflow and out-of-bounds array access in the JVM.
How do I fix REDHAT-BUG-2275003?
To fix REDHAT-BUG-2275003, update to the latest patched version of OpenJDK Hotspot that addresses this vulnerability.
Which versions of OpenJDK are affected by REDHAT-BUG-2275003?
REDHAT-BUG-2275003 affects certain versions of OpenJDK Hotspot where the C1 compiler is used.
What are the risks of ignoring REDHAT-BUG-2275003?
Ignoring REDHAT-BUG-2275003 could result in Java Virtual Machine crashes or potential exploitation of the system through memory corruption.
Is there a workaround for REDHAT-BUG-2275003?
There is no recommended workaround for REDHAT-BUG-2275003, so applying the security update is essential.
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/type
- agent/references
- agent/source
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-21068
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/microsoft build of openjdk with hotspot