PT-2019-3219 · Eclipse+4 · Eclipse Openj9+4

Peter Shipton · Published 2019-07-11 · Updated 2020-10-08 · CVE-2019-11775

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.15

Description: The issue stems from synchronization errors in the handling of shared resources, which can lead to a race condition and, in turn, memory corruption. Additionally, the loop versioner fails to privatize a value hoisted out of the loop, which can result in issues such as out-of-bounds array reads. The vulnerability could also allow a local attacker to gain elevated privileges on the system by injecting code, due to unused RPATHs in AIX builds.

Recommendations: For Eclipse OpenJ9 versions prior to 0.15, update to version 0.15 or later to resolve the issue. As a temporary workaround, restrict access to the shared resources to reduce the risk of exploitation, and avoid using the loop versioner with conditions that read fields and are moved out of the loop until the issue is resolved.

Fix

Race Condition

Time Of Check To Time Of Use


Weakness Enumeration

Related Identifiers

BDU:2019-03208
CESA-2019_2590
CVE-2019-11775
RHSA-2019:2494
RHSA-2019:2495
RHSA-2019:2585
RHSA-2019:2590
RHSA-2019:2592
RHSA-2019:2737
SUSE-SU-2019:14160-1
SUSE-SU-2019:14188-1
SUSE-SU-2019:2291-1
SUSE-SU-2019:2336-1
SUSE-SU-2019:2371-1

Affected Products

Centos
Eclipse Openj9
Ibm Aix
Red Hat
Suse