Bug 2359694 (CVE-2025-30691)

Summary: CVE-2025-30691 openjdk: Improve compiler transformations (Oracle CPU 2025-04)
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, escamareylinda, fferrari, fitzsim, jsamir, khosford, neugens, pjindal, security-response-team, sraghupu, sthirugn, vkrizan, yu.naensoren
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2025-04-15   

Description OSIDB Bzimport 2025-04-15 07:43:48 UTC 
Change to loop-limit adjustments introduced a possible overflow in the computation of loop limits.
Comment 1 Mauro Matteo Cascella 2025-04-16 10:43:05 UTC 
OpenJDK-8 upstream commit:
https://github.com/openjdk/jdk8u/commit/949c6ffc54efaa92d6559a3e7897432b95e99253

OpenJDK-11 upstream commit:
https://github.com/openjdk/jdk11u/commit/2b70822671cf5f9b37956949421e7c77da082c8e

OpenJDK-17 upstream commit:
https://github.com/openjdk/jdk17u/commit/5b0a5f436fb9817d679f64302b37543bf160d43d

OpenJDK-21 upstream commit:
https://github.com/openjdk/jdk21u/commit/11067d7e975ce71bedbfdd314519ec9ff689a7e7
Comment 2 Mauro Matteo Cascella 2025-04-16 12:56:39 UTC 
This CVE was fixed in Oracle Java SE 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1.

Release notes:
https://www.oracle.com/java/technologies/javase/8u451-relnotes.html#R180_451
https://www.oracle.com/java/technologies/javase/8u451-perf-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-27-relnotes.html#R11_0_27
https://www.oracle.com/java/technologies/javase/17-0-15-relnotes.html#R17_0_15
https://www.oracle.com/java/technologies/javase/21-0-7-relnotes.html
https://www.oracle.com/java/technologies/javase/24-0-1-relnotes.html
Comment 3 errata-xmlrpc 2025-05-13 16:01:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:7508 https://access.redhat.com/errata/RHSA-2025:7508
Comment 5 akeuha 2025-12-23 06:57:52 UTC 
Make your mark in https://monkeymart6x.io – where you can balance your time between harvesting crops and restocking shelves for maximum efficiency!
Comment 6 manedwolf 2026-03-16 03:27:07 UTC 
(In reply to akeuha from comment #5)
> Make your mark in https://unblocked-games2.io – where you can balance your time
> between harvesting crops and restocking shelves for maximum efficiency!

It's wonderful to be able to make the most of your time, balancing work with moments of relaxation. It's sure to be a great experience!