OpenJDK: incorrect optimization of range checks in C2 compiler (Hotspot, 8022783)

🗓️ 15 Oct 2014 02:09:01Reported by RedHatType

OpenJDK C2 range-check optimization flaw in Hotspot may allow remote confidentiality breach across Oracle Java SE and Java SE Embedded versions.

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products	18 Jun 201800:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU	15 Jun 201807:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management	22 Sep 202203:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)	31 Jan 201902:10	–	ibm
IBM Security Bulletins	Security Bulletin: SSLv3 Vulnerability and multiple vulnerabilities in OpenSSL and IBM Java SDK affect IBM Systems Director Storage Control.	31 Jan 201901:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Tivoli Storage Productivity Center October 2014 CPU	19 Aug 202223:26	–	ibm
Tenable Nessus	Oracle Java Update (October 2014) Multiple Vulnerabilities	15 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-430)	20 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2014-431)	20 Oct 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2014-432)	20 Oct 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el5_11	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el5_11.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el5_11	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el6_6	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el6_6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el6_6.i686	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el6_6.i686.noarch.rpm
Red Hat Enterprise Linux	7	ppc64	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el7_0	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0.ppc64.rpm
Red Hat Enterprise Linux	7	s390x	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el7_0	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.6.0-openjdk	1:1.6.0.33-1.13.5.0.el7_0	java-1.6.0-openjdk-1:1.6.0.33-1.13.5.0.el7_0.x86_64.rpm
Red Hat Enterprise Linux	5	i386	java-1.6.0-openjdk-debuginfo	1:1.6.0.33-1.13.5.0.el5_11	java-1.6.0-openjdk-debuginfo-1:1.6.0.33-1.13.5.0.el5_11.i386.rpm
Red Hat Enterprise Linux	5	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.33-1.13.5.0.el5_11	java-1.6.0-openjdk-debuginfo-1:1.6.0.33-1.13.5.0.el5_11.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.6.0-openjdk-debuginfo	1:1.6.0.33-1.13.5.0.el6_6	java-1.6.0-openjdk-debuginfo-1:1.6.0.33-1.13.5.0.el6_6.x86_64.rpm

Source	Link
oracle	www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
access	www.access.redhat.com/security/cve/CVE-2014-6504
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-6504
cve	www.cve.org/CVERecord

14 May 2026 22:18Current

6.7Medium risk

Vulners AI Score6.7

CVSS 25

EPSS0.03258