Editing Exploit Chains
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 3: | Line 3: | ||
{| class="wikitable" | {| class="wikitable" | ||
|+ | |+ | ||
! | !Firmware Version | ||
!Hypervisor Exploit | !Hypervisor Exploit | ||
!Kernel Exploit | !Kernel Exploit | ||
Line 11: | Line 10: | ||
!Capability | !Capability | ||
|- | |- | ||
|<=2.50 | | <=2.50 | ||
|Rumored [https://www.psxhax.com/threads/flat_z-confirms-ps5-hypervisor-exploitation-from-ps4-save-game.16063/] | |Rumored [https://www.psxhax.com/threads/flat_z-confirms-ps5-hypervisor-exploitation-from-ps4-save-game.16063/] | ||
| | |Unknown | ||
| | |Rumored: PS4 Game Save | ||
|Unreleased by [https://github.com/flatz Flatz] | |Unreleased by [https://github.com/flatz Flatz] | ||
|Full Access to the system | |Full Access to the system | ||
|- | |- | ||
|<=4.03 | |<=4.03 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW%20%253C%3D%204.03%20-%20exFAT%20driver%20heap-based%20buffer%20overflow|exFAT Driver Heap Exploit]] There is no implementation because of the difficulty in writing the exploit without a real-time kernel dump or at least kASLR defeat. The proof of concept is a kernel panic when plugging in the drive and using the console for about a minute. | |[[Vulnerabilities#FW%20%253C%3D%204.03%20-%20exFAT%20driver%20heap-based%20buffer%20overflow|exFAT Driver Heap Exploit]] There is no implementation because of the difficulty in writing the exploit without a real-time kernel dump or at least kASLR defeat. The proof of concept is a kernel panic when plugging in the drive and using the console for about a minute. | ||
Line 28: | Line 25: | ||
|- | |- | ||
|3.00-4.51 | |3.00-4.51 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | |[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | ||
Line 36: | Line 32: | ||
|- | |- | ||
|3.00-4.51 | |3.00-4.51 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | |[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | ||
Line 44: | Line 39: | ||
|- | |- | ||
|3.00-4.51 | |3.00-4.51 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | |[[Vulnerabilities#FW 3.00-4.51 - IPV6 2292PKTOPTIONS UaF (yielding arbitrary kernel R/W) (CVE-2020-7457)|IPV6_2292PKTOPTIONS UaF (CVE-2020-7457)]] | ||
Line 53: | Line 47: | ||
|- | |- | ||
|1.00-5.50 | |1.00-5.50 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | |[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | ||
|WebKit [[Vulnerabilities#FW_%3C=_5.50_-_FrameLoader::loadInSameDocument()_UaF_(CVE-2022-22620)_leading_to_arbitrary_RW|loadInSameDocument]] | |WebKit [[Vulnerabilities#FW_%3C=_5.50_-_FrameLoader::loadInSameDocument()_UaF_(CVE-2022-22620)_leading_to_arbitrary_RW|loadInSameDocument]] | ||
|N/A | |N/A | ||
|Elf Loader | |Elf Loader | ||
|- | |- | ||
|6.00-7.61 | |6.00-7.61 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | |[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | ||
|WebKit [[Vulnerabilities#FW_6.00-8.60_-_JSC_DFG_Abstract_Intepreter_clobberWorld_Type_Confusion_(no_CVE)_leading_to_arbitrary_RW|clobberWorld]] or [[Vulnerabilities#FW_6.00-9.60_-_Unknown_heap_and_string_overflow_(no_CVE)_leading_to_crash|unknown heap and string overflow]] | |WebKit [[Vulnerabilities#FW_6.00-8.60_-_JSC_DFG_Abstract_Intepreter_clobberWorld_Type_Confusion_(no_CVE)_leading_to_arbitrary_RW|clobberWorld]] or [[Vulnerabilities#FW_6.00-9.60_-_Unknown_heap_and_string_overflow_(no_CVE)_leading_to_crash|unknown heap and string overflow]] | ||
|N/A | |N/A | ||
|Elf Loader | |Elf Loader | ||
|- | |- | ||
|1.00-7.61 | |1.00-7.61 | ||
|N/A | |N/A | ||
|[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | |[[Vulnerabilities#FW_%3C=_7.61_-_umtx_UaF_(yielding_arbitrary_kernel_R/W)_(CVE-2024-43102)|umtx UaF]] | ||
|[[Vulnerabilities#FW_%3C=_7.61_-_BD-JB2_-_Path_traversal_sandbox_escape_by_TheFloW|BD-JB2]] | |[[Vulnerabilities#FW_%3C=_7.61_-_BD-JB2_-_Path_traversal_sandbox_escape_by_TheFloW|BD-JB2]] | ||
| | |N/A | ||
|Native code execution within Blu-ray context | |Native code execution within Blu-ray context | ||
|} | |} |