Bug 2237709 (CVE-2022-40433)

Summary: CVE-2022-40433 OpenJDK: segmentation fault in ciMethodBlocks
Product: [Other] Security Response Reporter: Vipul Nair <vinair>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, chazlett, khosford, mbalao, mcascell, neugens, pjindal, sraghupu
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::make_block_at function in OpenJDK (HotSpot VM) 8 (11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively), and may allow an attacker to cause a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2237710    

Description Vipul Nair 2023-09-06 13:15:49 UTC 
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.
Comment 3 errata-xmlrpc 2023-10-18 16:22:48 UTC 
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u392

Via RHSA-2023:5725 https://access.redhat.com/errata/RHSA-2023:5725
Comment 4 errata-xmlrpc 2023-10-18 22:55:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:5731 https://access.redhat.com/errata/RHSA-2023:5731
Comment 5 errata-xmlrpc 2023-10-18 23:01:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:5732 https://access.redhat.com/errata/RHSA-2023:5732
Comment 6 errata-xmlrpc 2023-10-18 23:01:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:5727 https://access.redhat.com/errata/RHSA-2023:5727
Comment 7 errata-xmlrpc 2023-10-18 23:01:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:5728 https://access.redhat.com/errata/RHSA-2023:5728
Comment 8 errata-xmlrpc 2023-10-18 23:04:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:5729 https://access.redhat.com/errata/RHSA-2023:5729
Comment 9 errata-xmlrpc 2023-10-18 23:04:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:5733 https://access.redhat.com/errata/RHSA-2023:5733
Comment 10 errata-xmlrpc 2023-10-18 23:27:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:5730 https://access.redhat.com/errata/RHSA-2023:5730