Eclipse OpenJ9 possible infinite busy hang
CVE-2023-5676

4.1MEDIUM

Key Information:

Vendor: Eclipse Foundation
Status: Openj9
Vendor: CVE Published:; 15 November 2023

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2023-5676?

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

Affected Version(s)

OpenJ9 0 < 0.41.0

References

https://github.com/eclipse-openj9/openj9/pull/18085

https://gitlab.eclipse.org/security/cve-assignement/-/iss...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Oct 20, 2023

JSON