DISPUTED An issue was discovered in the function
ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK
(HotSpot VM) 8, 11, 17 that allows attackers to cause a denial of service.
Note: The vendor states that this is Defense in Depth at most, due to the
nature of the issue and the special circumstances required (server must be
running particular code locally, code compiled with an old, old version of
javac, etc.).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | upstream | noarch | openjdk | < any | UNKNOWN |
ubuntu | 18.04 | noarch | openjdk-8 | < 8u392-ga-1~18.04 | UNKNOWN |
ubuntu | 20.04 | noarch | openjdk-8 | < 8u392-ga-1~20.04 | UNKNOWN |
ubuntu | 22.04 | noarch | openjdk-8 | < 8u392-ga-1~22.04 | UNKNOWN |
ubuntu | upstream | noarch | openjdk-8 | < any | UNKNOWN |
ubuntu | upstream | noarch | openjdk-8 | < 8u392-ga-1~23.04 | UNKNOWN |
ubuntu | upstream | noarch | openjdk-8 | < 8u392-ga-1~23.10 | UNKNOWN |
ubuntu | 16.04 | noarch | openjdk-8 | < 8u392-ga-1~16.04 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | upstream | noarch | openjdk-9 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | openjdk-lts | < 11.0.17+8-1ubuntu2~18.04 | UNKNOWN |

bugs.openjdk.org/browse/JDK-8283441
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40433
github.com/openjdk/jdk11u-dev/pull/1183
github.com/openjdk/jdk13u-dev/pull/394
github.com/openjdk/jdk15u-dev/pull/261
launchpad.net/bugs/cve/CVE-2022-40433
nvd.nist.gov/vuln/detail/CVE-2022-40433
security-tracker.debian.org/tracker/CVE-2022-40433
ubuntu.com/security/notices/USN-6528-1