On 18/01/2021 21:29, Bernd wrote:
Hello,
bad news everyone. The second Windows Filesystem related security bug
reported by Jonas Lykkegaard which allows crashing Windows with an
unprivileged read access also affects JVM and it is not filtered by
Path.of. Which means both new File(bad).exists() and
Files.readAllLines(Path.of(bad)) will crash Windows immediately.
I verified this on the latest Windows Server 2019 January Security Update.
var bad = "\\\\.\\globalroot\\device\\condrv\\kernelconnect"
BSOD issues should be reported to Microsoft. If there is any suggestion
of a JDK bug here then it should be reported to
vuln-rep...@openjdk.java.net. We (at least Oracle engineers) cannot
engage in any discussion of vulnerability issues here.
-Alan