Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 994: | Line 994: | ||
* sleirsgoevy and ChendoChap for porting the PoC to PS4 and chaining it with the 6.72 and 7.02 WebKit exploits. | * sleirsgoevy and ChendoChap for porting the PoC to PS4 and chaining it with the 6.72 and 7.02 WebKit exploits. | ||
* SIE for not patching this vulnerability on PS5 even when patched on PS4. | * SIE for not patching this vulnerability on PS5 even when patched on PS4. | ||
* TheFlow for announcing that PS5 kernel was exploited: [https://twitter.com/theflow0/status/1457362920501829636 TheFloW's PS5 kernel exploit announcement (2021-11-07)] | * TheFlow for announcing that PS5 kernel was exploited: [https://twitter.com/theflow0/status/1457362920501829636 TheFloW's PS5 kernel exploit announcement (2021-11-07)] | ||
==== Analysis ==== | ==== Analysis ==== | ||
* [https://hackerone.com/reports/826026 TheFloW's | * [https://hackerone.com/reports/826026 TheFloW's report of the PS4 kernel exploit with a FreeBSD 9-12 PoC] | ||
* [https://www.freebsd.org/security/advisories/FreeBSD-SA-20:20.ipv6.asc FreeBSD Security Advisory FreeBSD-SA-20:20.ipv6] | * [https://www.freebsd.org/security/advisories/FreeBSD-SA-20:20.ipv6.asc FreeBSD Security Advisory FreeBSD-SA-20:20.ipv6] | ||
* [https://www.freebsd.org/security/patches/SA-20:20/ipv6.patch FreeBSD patch for FreeBSD-SA-20:20.ipv6] | * [https://www.freebsd.org/security/patches/SA-20:20/ipv6.patch FreeBSD patch for FreeBSD-SA-20:20.ipv6] | ||
* [https://hackerone.com/reports/1441103 TheFloW's | * [https://hackerone.com/reports/1441103 TheFloW's report of the PS5 kernel exploit] | ||
==== Bug Description ==== | ==== Bug Description ==== | ||
Line 1,008: | Line 1,008: | ||
==== Exploit Implementation ==== | ==== Exploit Implementation ==== | ||
* [ | * [https://hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com/Y13EyQCGKEqxH8PpJgFKh5uY?response-content-disposition=attachment%3B%20filename%3D%22exploit.c%22%3B%20filename%2A%3DUTF-8%27%27exploit.c&response-content-type=text%2Fx-c%2B%2Bsrc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAQGK6FURQ4G43T3HL%2F20200719%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20200719T222620Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEGUaCXVzLXdlc3QtMiJHMEUCIQD%2F0c09Z1wbdZi9kMJukdNUryexRJUKWxTiqcoAnsxE1gIgQqef8QiWKjHnPYTPLZO5P1KcXixsUrL2Z8AnnT404jEqtAMIHRABGgwwMTM2MTkyNzQ4NDkiDGkLHbTp2BRWlnoy5iqRA0gx69uKt57lUwOOB48RT1j6IEwp5FGjfVUviEc78dJ99qZaUUB%2FI%2BfRDN5J7OKceSsOZwZ1VebLhz2za2R2c5gjX9EtCWf%2Brl6EIvxMXSyC%2FYxnbAVAXvB8jf5sRWr%2FgqpUQbNr1V5JFbe6IYw%2FvlmiYqMzhSqBpupfI6E6cwa3luTr0GBWKR4lppzFXR7%2B6e9bUAC%2BQiQcPk%2FzNqKAGE%2FFKkDreC1Vvlct%2FvhqQ0HbaNesEQG%2F0qbv2%2B6UB9iU4n4uk369G%2BmwtnfEh0%2BEeptwYVwFApNIfwRdOXx%2FrPnL69fkuxjA8BKQpILIf2XYxrbtlE8Nth8z75cXxlFLgdfmhyidy2Q0wkjS45tx39ROJZQBC9g%2Fstx7u0jFZ1M3MJuBVJc%2FO5aWCPOBoZrQKpbAJqHSqF5x5ON3x%2BNkFbfMj%2B20qSfmBn7eT2FYBPR3bahKnI5lZeDzYAQgSIvUpAGW%2Fi2UL1ZmEqEKoV%2Fh67YYzCMzM3uUqPRuSGIeQsmUEQeY%2BjR7PPoR71928%2B%2FHFBbTMN%2FW0vgFOusB5oRuVzVviKnOLIHgixiK0h5rYZe5TfP3JtYhhy3XpV0RB3BliMzTvuhn5TevB9ZZlRYKnP7x08C888AIsUKSm3UuQpHmnZ1M5yeypI5MwjmLO51lBnQwigz0tHGDu2jlOLyvW9bXzFw1rNLSfM5x6dWmvMdYyTkStTFnwcN0V14U5EOVzdfo9WYogPfzq%2FEeOopTjDAusDtIBEtn4ILZxnlPxi8oLY8rI03lsF4GmRx6zQKJ%2Bzs44lQi5DRSMOueKTvWmPRaR83hUAIxlXdDCdM8wPYQe0eMl3V3macYTRK1FghrvW4BCo6ZqQ%3D%3D&X-Amz-Signature=2862cc641fee752f041d00f7d021826e09354ef202bb2da78a966e5b90830662 TheFloW's PoC for FreeBSD 9 and 12] | ||
* [https://github.com/sleirsgoevy/ps4jb PS4 6.72-7.02 WebKit + Kernel Exploit implementation by sleirsgoevy] | * [https://github.com/sleirsgoevy/ps4jb PS4 6.72-7.02 WebKit + Kernel Exploit implementation by sleirsgoevy] | ||
* [https://github.com/ChendoChap/ps4-ipv6-uaf PS4 5.05-7.02 WebKit + Kernel Exploit implementation by ChendoChap] | * [https://github.com/ChendoChap/ps4-ipv6-uaf PS4 5.05-7.02 WebKit + Kernel Exploit implementation by ChendoChap] | ||
==== Patched ==== | ==== Patched ==== | ||
'''Yes''' in | '''Yes''' in 7.50 FW | ||
---- | ---- | ||