Main Vulnerability Database Vulnerabilities #VU91984

Permissions, Privileges, and Access Controls in OpenJ9 - CVE-2024-3933

Published: June 12, 2024

Vulnerability identifier: #VU91984

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-3933

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Eclipse

Affected software:
OpenJ9

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability occurs when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. A local user can exploit the vulnerability to read and write to addresses beyond the end of the array range.

How to mitigate CVE-2024-3933

Install updates from vendor's website.

Sources

https://gitlab.eclipse.org/security/cve-assignement/-/issues/21
https://github.com/eclipse/omr/pull/7275

Permissions, Privileges, and Access Controls in OpenJ9 - CVE-2024-3933

Detailed vulnerability description

How to mitigate CVE-2024-3933

Sources

Please verify you're human