Bug 2297963 (CVE-2024-21140)
| Summary: | CVE-2024-21140 OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ahughes, caswilli, chazlett, fjansen, jsamir, kaycoth, kholdawa, khosford, mbalao, neugens, pjindal, security-response-team, sraghupu, sthirugn, vkrizan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2297109 | ||
| Bug Blocks: | 2297112 | ||
|
Description
Mauro Matteo Cascella
2024-07-15 15:27:21 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:4564 https://access.redhat.com/errata/RHSA-2024:4564 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.24 Via RHSA-2024:4565 https://access.redhat.com/errata/RHSA-2024:4565 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.12 Via RHSA-2024:4569 https://access.redhat.com/errata/RHSA-2024:4569 This issue has been addressed in the following products: Red Hat Build of OpenJDK 21.0.4 Via RHSA-2024:4571 https://access.redhat.com/errata/RHSA-2024:4571 This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.12 Via RHSA-2024:4570 https://access.redhat.com/errata/RHSA-2024:4570 This issue has been addressed in the following products: Red Hat Build of OpenJDK 21.0.4 Via RHSA-2024:4572 https://access.redhat.com/errata/RHSA-2024:4572 This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.24 Via RHSA-2024:4566 https://access.redhat.com/errata/RHSA-2024:4566 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Enterprise Linux 9 Via RHSA-2024:4567 https://access.redhat.com/errata/RHSA-2024:4567 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Via RHSA-2024:4573 https://access.redhat.com/errata/RHSA-2024:4573 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u422 Via RHSA-2024:4561 https://access.redhat.com/errata/RHSA-2024:4561 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Enterprise Linux 9 Via RHSA-2024:4568 https://access.redhat.com/errata/RHSA-2024:4568 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Enterprise Linux 9 Via RHSA-2024:4563 https://access.redhat.com/errata/RHSA-2024:4563 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:4560 https://access.redhat.com/errata/RHSA-2024:4560 This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u422 Via RHSA-2024:4562 https://access.redhat.com/errata/RHSA-2024:4562 OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/45b83c2c56bdd5bb2b66a40fbada147c01928130 OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/e3e776509ac23a02bf5cc844dba18c26615500e1 OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/cac9bbe67b038a79915ad16a0e762ef13bf1108b OpenJDK-21 upstream commit: https://github.com/openjdk/jdk21u/commit/dafbd18099ce41c815bfb49fd24112f37b84183f |