Headline
CVE-2023-5676: Don't invoke shutdown signal handler until JVM init completes by babsingh · Pull Request #18085 · eclipse-openj9/openj9
In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.
JVM init path: J9_CreateJavaVM.
JVM exit paths: protectedDestroyJavaVM and exitJavaVM.
A segfault or other side-effects can happen if the JVM init and
exit paths execute concurrently.
The exit path can be taken if a shutdown signal is raised and the
shutdown handler is invoked. JVM shutdown signals are SIGINT, SIGTERM
and SIGHUP.
Preventing invocation of the exit path from the shutdown signal handler
until the JVM initialization completes resolves the above side-effects.
Related:
- Sync JVM init and exit paths #17101
- Revert “Sync JVM init and exit paths” #17438
Related news
Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.
Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.