Editing Vulnerabilities
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 94: | Line 94: | ||
== Game savedata exploits == | == Game savedata exploits == | ||
=== PS2 | === PS2 games savedata exploits === | ||
See [https://www.psdevwiki.com/ps4/Vulnerabilities# | See [https://www.psdevwiki.com/ps4/Vulnerabilities#Usermode_Exploits_.28Game_Savedata.29]. | ||
=== PS4/PS5 PS2emu sandbox escape (mast1c0re) === | === PS4/PS5 PS2emu sandbox escape (mast1c0re) === | ||
See [https://www.psdevwiki.com/ps4/Vulnerabilities#PS4.2FPS5_PS2emu_sandbox_escape_.28mast1c0re.29 | See [https://www.psdevwiki.com/ps4/Vulnerabilities#PS4.2FPS5_PS2emu_sandbox_escape_.28mast1c0re.29]. | ||
== PS4 emulator exploits == | == PS4 emulator exploits == | ||
Nothing yet. | Nothing yet. | ||
= Kernel = | = Kernel = | ||
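Review bot: the two "See [...]" links in this hunk, under "PS2 games savedata exploits" and "PS4/PS5 PS2emu sandbox escape (mast1c0re)", are bracketed URLs with no link text, so MediaWiki will render them as bare numbered links rather than readable references. The spp entry further down already uses the labelled form "[... PS4 wiki]"; giving these two the same label would keep the cross-references to the PS4 wiki consistent across the page.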
Line 147: | Line 135: | ||
---- | ---- | ||
== FW <= | == FW <= 9.60 - umtx UaF (yielding arbitrary kernel R/W) (CVE-2024-43102) == | ||
=== Credits === | === Credits === | ||
* Rebecca Cran for discovering the bug in umtx (2023-05-07) | * Rebecca Cran for discovering the bug in umtx (2023-05-07) | ||
* Synacktiv for finding and disclosing publicly the vulnerability (2024-09-04) | * Synacktiv for finding and disclosing publicly the vulnerability (2024-09-04) | ||
* Olivier Certner for fixing the bug (2024-09-04), kib for reviewing the bug fix (2024-09-04), Ed Maste for approving the bug fix commit (2024-09-04) | * Olivier Certner for fixing the bug (2024-09-04), kib for reviewing the bug fix (2024-09-04), Ed Maste for approving the bug fix commit (2024-09-04) | ||
=== Analysis === | === Analysis === | ||
Line 164: | Line 149: | ||
* [https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1 Fix commit (2024-09-04)] | * [https://cgit.freebsd.org/src/commit/?id=62f40433ab47ad4a9694a22a0313d57661502ca1 Fix commit (2024-09-04)] | ||
* [https://securityonline.info/freebsd-issues-urgent-security-advisory-for-cve-2024-43102-cvss-10/ Vulnerability press release (2024-09-09)] | * [https://securityonline.info/freebsd-issues-urgent-security-advisory-for-cve-2024-43102-cvss-10/ Vulnerability press release (2024-09-09)] | ||
=== Bug Description === | === Bug Description === | ||
Line 182: | Line 166: | ||
=== Exploit Implementation === | === Exploit Implementation === | ||
* | * No implementation for now. | ||
=== Patched === | === Patched === | ||
'''Yes''' in PS5 FW | '''Yes''' in PS5 FW 10.00. | ||
---- | ---- | ||
== FW <= 8.20 - Remote vulnerabilities in spp (yielding kernel | == FW <= 8.20 - Remote vulnerabilities in spp (yielding kernel ASLR defeat) (CVE-2006-4304 and no-CVE) == | ||
See the [https://www.psdevwiki.com/ps4/Vulnerabilities#FW_%3C=_11.00_-_Remote_vulnerabilities_in_spp_(yielding_kernel_ASLR_defeat)_(CVE-2006-4304_and_no-CVE) PS4 wiki]. | See the [https://www.psdevwiki.com/ps4/Vulnerabilities#FW_%3C=_11.00_-_Remote_vulnerabilities_in_spp_(yielding_kernel_ASLR_defeat)_(CVE-2006-4304_and_no-CVE) PS4 wiki]. | ||
=== Patched === | === Patched === | ||
'''Yes''' in PS5 FW 8.40. | '''Yes''' in PS5 FW 8.40. | ||
---- | ---- | ||
Line 298: | Line 267: | ||
Potentially unpatched. | Potentially unpatched. | ||
= Hardware = | = Hardware = |