Oracle Java SE
cpe:2.3:a:oracle:javase:*:*:*:*:*:*:*
- 8u481
- 8u481-b50
A vulnerability has been identified in Oracle Java SE versions 8u481 and 8u481-b50, as well as in Oracle GraalVM Enterprise Edition 21.3.17. This vulnerability, which exists in the Hotspot component, is difficult to exploit but allows a low-privileged attacker with access to the environment where Oracle Java SE or GraalVM executes to compromise these platforms. Successful exploitation, which requires human interaction from a third party, could lead to unauthorized creation, deletion, or modification of critical data or any data accessible to Oracle Java SE or GraalVM. Additionally, this vulnerability could cause a complete denial-of-service by hanging the application or causing a frequently repeatable crash. This issue primarily affects Java deployments in clients running sandboxed Java Web Start applications or applets that load untrusted code from the internet and depend on the Java sandbox for security. It does not impact server deployments that only run trusted code.
Exploitation of this vulnerability could result in unauthorized access to modify, create, or delete critical data or all data accessible through Oracle Java SE or GraalVM. Additionally, it could cause a complete denial-of-service by crashing the application or causing it to hang indefinitely.