Processing maliciously crafted web content may lead to arbitrary code execution, due to a type confusion. Reference: https://support.apple.com/en-us/HT213531
Created webkit2gtk3 tracking bugs for this issue:
Affects: fedora-36 [bug 2153684]
Created webkitgtk tracking bugs for this issue:
Affects: fedora-37 [bug 2153685]
Upstream bz (private as of now): https://bugs.webkit.org/show_bug.cgi?id=248266
Fixed by: https://github.com/WebKit/WebKit/commit/98940f219ba0e3eb6d958af483b73dd9cc75c28c
Mitigation: the environment variable JSC_useFTLJIT=0 will disable the vulnerable code. (This will also somewhat slow down JavaScript execution.)
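Added example (not from the bug report or from WebKit): applying the JSC_useFTLJIT=0 mitigation to a WebKitGTK-based program and verifying that a running process actually received it. The only identifier taken from the report is the JSC_useFTLJIT variable; the helper names, the use of epiphany as a stand-in for any WebKitGTK consumer, and the /proc/<pid>/environ check are assumptions of this example. The variable has to be in the environment of the WebKit processes; in the normal case they inherit it from the launching process, so setting it on the application is enough unless that application scrubs its environment before spawning them.

```shell
#!/bin/sh
# Added example, not part of the bug report. Assumes a Linux host with /proc.

# Run a program with the FTL JIT disabled. Usage: run_mitigated epiphany
# (epiphany is only an illustration; any WebKitGTK-based program works).
run_mitigated() {
    env JSC_useFTLJIT=0 "$@"
}

# Read a NUL-separated environment block (the format of /proc/<pid>/environ)
# from stdin. Exit 0 when JSC_useFTLJIT=0 is present, 1 otherwise.
# Note: /proc/<pid>/environ reflects the process's initial environment,
# which is what JavaScriptCore reads at startup, so this is the right view.
env_has_ftl_disabled() {
    tr '\0' '\n' | grep -qx 'JSC_useFTLJIT=0'
}

# Check a live process by PID, e.g. the WebKitWebProcess of a running browser.
pid_has_ftl_disabled() {
    env_has_ftl_disabled < "/proc/$1/environ"
}

# Report every WebKitWebProcess that is still running without the mitigation.
# Relies on pgrep from procps; prints PIDs of unmitigated processes.
report_unmitigated_webprocesses() {
    for pid in $(pgrep -f WebKitWebProcess 2>/dev/null); do
        pid_has_ftl_disabled "$pid" || echo "$pid"
    done
}
```

Usage: `run_mitigated epiphany`, then in another shell `report_unmitigated_webprocesses` should print nothing for that browser's web processes; a PID listed there is a process that started without the variable and must be restarted.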
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0016 https://access.redhat.com/errata/RHSA-2023:0016
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0021 https://access.redhat.com/errata/RHSA-2023:0021
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-42856