CVE-2022-21541
high
CVSS v3
—
CVSS v4 NEW
—
VIR risk
8.0
Description
RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important)
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API
Description OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Build of OpenJDK 11.0.16RHSA-2022:57552022-07-28T00:00:00Z Red Hat Build of OpenJDK 11.0.16RHSA-2022:57562022-07-28T00:00:00Z Red Hat Build of OpenJDK…
Description
OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)
CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Build of OpenJDK 11.0.16 | | RHSA-2022:5755 | 2022-07-28T00:00:00Z |
| Red Hat Build of OpenJDK 11.0.16 | | RHSA-2022:5756 | 2022-07-28T00:00:00Z |
| Red Hat Build of OpenJDK 17.0.4 | Linux | RHSA-2022:5758 | 2022-07-28T00:00:00Z |
| Red Hat Build of OpenJDK 17.0.4 | Windows | RHSA-2022:5757 | 2022-07-28T00:00:00Z |
| Red Hat Build of OpenJDK 8u342 | | RHSA-2022:5754 | 2022-07-28T00:00:00Z |
| Red Hat Build of OpenJDK 8u342 | | RHSA-2022:5753 | 2022-07-28T00:00:00Z |
| Red Hat Enterprise Linux 7 | java-11-openjdk-1:11.0.16.0.8-1.el7_9 | RHSA-2022:5687 | 2022-07-21T00:00:00Z |
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk-1:1.8.0.342.b07-1.el7_9 | RHSA-2022:5698 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 8 | java-11-openjdk-1:11.0.16.0.8-1.el8_6 | RHSA-2022:5683 | 2022-07-21T00:00:00Z |
| Red Hat Enterprise Linux 8 | java-1.8.0-openjdk-1:1.8.0.342.b07-2.el8_6 | RHSA-2022:5696 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 8 | java-17-openjdk-1:17.0.4.0.8-2.el8_6 | RHSA-2022:5726 | 2022-07-26T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | java-11-openjdk-1:11.0.16.0.8-1.el8_1 | RHSA-2022:5685 | 2022-07-21T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_1 | RHSA-2022:5701 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Extended Update Support | java-11-openjdk-1:11.0.16.0.8-1.el8_2 | RHSA-2022:5684 | 2022-07-21T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Extended Update Support | java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_2 | RHSA-2022:5700 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support | java-11-openjdk-1:11.0.16.0.8-1.el8_4 | RHSA-2022:5681 | 2022-07-21T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support | java-1.8.0-openjdk-1:1.8.0.342.b07-1.el8_4 | RHSA-2022:5697 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 9 | java-11-openjdk-1:11.0.16.0.8-1.el9_0 | RHSA-2022:5695 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 9 | java-1.8.0-openjdk-1:1.8.0.342.b07-1.el9_0 | RHSA-2022:5709 | 2022-07-25T00:00:00Z |
| Red Hat Enterprise Linux 9 | java-17-openjdk-1:17.0.4.0.8-2.el9_0 | RHSA-2022:5736 | 2022-07-27T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat build of OpenJDK 11 | Linux | Affected |
| Red Hat build of OpenJDK 11 | Windows | Affected |
| Red Hat build of OpenJDK 1.8 | Linux | Affected |
| Red Hat build of OpenJDK 1.8 | Windows | Affected |
| Red Hat Enterprise Linux 6 | java-1.6.0-openjdk | Out of support scope |
| Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Out of support scope |
| Red Hat Enterprise Linux 6 | java-1.8.0-openjdk | Out of support scope |
| Red Hat Enterprise Linux 7 | java-1.6.0-openjdk | Out of support scope |
| Red Hat Enterprise Linux 7 | java-1.7.0-openjdk | Out of support scope |
Apply commands
Apply RHSA-2022:5758 for Red Hat Build of OpenJDK 17.0.4
yum update -y Linux
# or:
dnf upgrade -y LinuxAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat build of OpenJDK 11 | Affected |
| redhat | Red Hat build of OpenJDK 11 | Affected |
| redhat | Red Hat build of OpenJDK 1.8 | Affected |
| redhat | Red Hat build of OpenJDK 1.8 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 8 | fixed | |
| debian | bullseye | fixed | 11.0.16+8-1~deb11u1 |
| debian | sid | fixed | 11.0.16+8-1 |
| debian | bookworm | fixed | 17.0.4+8-1 |
| almalinux | 9 | fixed | java-17-openjdk-headless-17.0.4.0.8-2.el9_0.aarch64.rpm |
| rhel | 8 | fixed | |
References
- https://access.redhat.com/errata/RHSA-2022:5695
- https://access.redhat.com/errata/RHSA-2022:5709
- https://access.redhat.com/errata/RHSA-2022:5736
- https://www.suse.com/security/cve/CVE-2022-21541.html
- https://errata.rockylinux.org/RLSA-2022:5726
- https://errata.rockylinux.org/RLSA-2022:5696
- https://errata.rockylinux.org/RLSA-2022:5683
- https://security-tracker.debian.org/tracker/CVE-2022-21541
- https://access.redhat.com/errata/RHSA-2022:5696
- https://bugzilla.redhat.com/2108540
- https://bugzilla.redhat.com/2108543
- https://bugzilla.redhat.com/2108554
- https://errata.almalinux.org/8/ALSA-2022-5696.html
- https://access.redhat.com/errata/RHSA-2022:5683
- https://errata.almalinux.org/8/ALSA-2022-5683.html
- https://errata.almalinux.org/9/ALSA-2022-5709.html
- https://errata.almalinux.org/9/ALSA-2022-5695.html
- https://bugzilla.redhat.com/2108547
- https://errata.almalinux.org/9/ALSA-2022-5736.html
- https://access.redhat.com/errata/RHSA-2022:5726
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.