vulnerability

Ubuntu: USN-6528-1 (CVE-2022-40433): OpenJDK 8 vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:M/C:N/I:N/A:C)	Aug 22, 2023	Nov 30, 2023	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:N/I:N/A:C)

Published

Aug 22, 2023

Added

Nov 30, 2023

Modified

Jan 28, 2025

Description

It was discovered that the HotSpot VM implementation in OpenJDK did not
properly validate bytecode blocks in certain situations. An attacker could
possibly use this to cause a denial of service. (CVE-2022-40433)

Carter Kozak discovered that OpenJDK, when compiling with AVX-512
instruction support enabled, could produce code that resulted in memory
corruption in certain situations. An attacker targeting applications built
in this way could possibly use this to cause a denial of service or execute
arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512
instructions. (CVE-2023-22025)

It was discovered that the CORBA implementation in OpenJDK did not properly
perform deserialization of IOR string objects. An attacker could possibly
use this to bypass Java sandbox restrictions. (CVE-2023-22067)

It was discovered that OpenJDK did not properly perform PKIX certification
path validation in certain situations. An attacker could use this to cause
a denial of service. (CVE-2023-22081)

Solution(s)

ubuntu-upgrade-openjdk-8-jdkubuntu-upgrade-openjdk-8-jdk-headlessubuntu-upgrade-openjdk-8-jreubuntu-upgrade-openjdk-8-jre-headlessubuntu-upgrade-openjdk-8-jre-jamvmubuntu-upgrade-openjdk-8-jre-zero

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today