A flaw was found in the way the Hotspot component of OpenJDK handled array accesses using the binary % operator. This flaw could lead to an access at an invalid array position, leading to an out-of-bounds read vulnerability.
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Via RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
This issue has been addressed in the following products:
  Red Hat Build of OpenJDK 17.0.8
Via RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
This issue has been addressed in the following products:
  Red Hat Build of OpenJDK 17.0.8
Via RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 8
Via RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22044
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/811f3a16ec4d4054b9b78e5764573bb1f6b5ebb5
Oracle CPU July 2023:
https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA
Fixed in Oracle Java SE 8u381-perf, 17.0.8, 20.0.2.
Release notes:
https://www.oracle.com/java/technologies/javase/8u381-perf-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-8-relnotes.html
https://www.oracle.com/java/technologies/javase/20-0-2-relnotes.html