Unrated severityNVD Advisory· Published Nov 15, 2023· Updated Nov 3, 2025

Eclipse OpenJ9 possible infinite busy hang

CVE-2023-5676

Description

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.

Affected products

osv-coords26 versions
pkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Tumbleweed pkg:rpm/suse/java-11-openj9&distro=SUSE%20Package%20Hub%2015%20SP6 pkg:rpm/suse/java-17-openj9&distro=SUSE%20Package%20Hub%2015%20SP6 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/java-1_8_0-openj9&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 11.0.26.0-bp156.4.3.1+ 25 more
- (no CPE)range: < 11.0.26.0-bp156.4.3.1
- (no CPE)range: < 11.0.21.0-1.1
- (no CPE)range: < 17.0.14.0-bp156.3.3.1
- (no CPE)range: < 17.0.9.0-1.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0.392-150200.3.39.1
- (no CPE)range: < 1.8.0.392-150200.3.39.1
- (no CPE)range: < 1.8.0.392-1.1
- (no CPE)range: < 11.0.26.0-bp156.4.3.1
- (no CPE)range: < 17.0.14.0-bp156.3.3.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-30.117.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-30.117.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-150000.3.83.1
- (no CPE)range: < 1.8.0_sr8.15-30.117.1
- (no CPE)range: < 1.8.0.392-150200.3.39.1
Eclipse Foundation/OpenJ9v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000