A flaw was found in the way the Hotspot component of OpenJDK generated class code. An untrusted Java application or applet could potentially use this flaw to bypass Java sandbox restrictions.
Public now via Oracle CPU July 2022: https://www.oracle.com/security-alerts/cpujul2022.html#AppendixJAVA
Fixed in Oracle Java SE 7u351, 8u341, 11.0.16, 17.0.4, 18.0.2.
Release notes:
https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_351
https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-16-relnotes.html
https://www.oracle.com/java/technologies/javase/17-0-4-relnotes.html
https://www.oracle.com/java/technologies/javase/18-0-2-relnotes.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5685 https://access.redhat.com/errata/RHSA-2022:5685
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5684 https://access.redhat.com/errata/RHSA-2022:5684
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5683 https://access.redhat.com/errata/RHSA-2022:5683
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5681 https://access.redhat.com/errata/RHSA-2022:5681
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5687 https://access.redhat.com/errata/RHSA-2022:5687
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5695 https://access.redhat.com/errata/RHSA-2022:5695
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:5701 https://access.redhat.com/errata/RHSA-2022:5701
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:5697 https://access.redhat.com/errata/RHSA-2022:5697
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5696 https://access.redhat.com/errata/RHSA-2022:5696
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:5700 https://access.redhat.com/errata/RHSA-2022:5700
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:5698 https://access.redhat.com/errata/RHSA-2022:5698
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5709 https://access.redhat.com/errata/RHSA-2022:5709
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:5726 https://access.redhat.com/errata/RHSA-2022:5726
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:5736 https://access.redhat.com/errata/RHSA-2022:5736
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5753 https://access.redhat.com/errata/RHSA-2022:5753
This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u342 Via RHSA-2022:5754 https://access.redhat.com/errata/RHSA-2022:5754
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5755 https://access.redhat.com/errata/RHSA-2022:5755
This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.16 Via RHSA-2022:5756 https://access.redhat.com/errata/RHSA-2022:5756
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5757 https://access.redhat.com/errata/RHSA-2022:5757
This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.4 Via RHSA-2022:5758 https://access.redhat.com/errata/RHSA-2022:5758
OpenJDK-17 upstream commit: https://github.com/openjdk/jdk17u/commit/8be0fc09f0ba2dd1dbfd6627456fa929d5574b04
OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u/commit/6c0ba0785a2f0900be301f72764cf4dcfa720991
OpenJDK-8 upstream commit: https://github.com/openjdk/jdk8u/commit/1dafef08cc922ee85a8e216387100dc681a5484d
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-21540