It was discovered that the boundary checks in the java.nio.Buffer class in the Libraries component of OpenJDK could have been bypassed when class instance was accessed concurrently. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Public now via Oracle CPU July 2020: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixJAVA Fixed in Oracle Java SE 14.0.2, 11.0.8, 8u261, and 7u271.
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/fa0ca4cb69bb OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/368b6f0a21fc
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2970 https://access.redhat.com/errata/RHSA-2020:2970
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2969 https://access.redhat.com/errata/RHSA-2020:2969
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2972 https://access.redhat.com/errata/RHSA-2020:2972
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2968 https://access.redhat.com/errata/RHSA-2020:2968
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:2985 https://access.redhat.com/errata/RHSA-2020:2985
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3098 https://access.redhat.com/errata/RHSA-2020:3098
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3100 https://access.redhat.com/errata/RHSA-2020:3100
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3099 https://access.redhat.com/errata/RHSA-2020:3099
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3101 https://access.redhat.com/errata/RHSA-2020:3101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14583
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3386 https://access.redhat.com/errata/RHSA-2020:3386
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:3388 https://access.redhat.com/errata/RHSA-2020:3388
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2020:3387 https://access.redhat.com/errata/RHSA-2020:3387
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2020:5585 https://access.redhat.com/errata/RHSA-2020:5585