Bugs
The PS5 has bugs. Some of them lead to vulnerabilities; others lead to nothing useful (yet) but still serve as examples of what not to do.
WebKit
Untested
Untested - mmap issue involving pointer address misalignment leading to nothing for now
Credits
- Jasmine, working for Sony, for the information disclosed in a WebKit commit (2022-10-19)
Analysis
Bug Description
There is an mmap issue on PlayStation: the pointer returned is not aligned as requested, which trips an assert here. The workaround is to set the HAVE_MAP_ALIGNED option to OFF in OptionsPlayStation.cmake [1], so that WebKit no longer asks mmap for aligned memory via the MAP_ALIGNED flag and falls back to its portable alignment path. The workaround can be reverted once the mmap issue is fixed; as of now it is still in place [2].
OptionsPlayStation.cmake is present in the PS4 11.00 OSS WebKit source code but does not contain the HAVE_MAP_ALIGNED option; judging by the dates, this may concern the PS5 only.
Exploit Implementation
Patched
Maybe
Tested
Not tested yet on either PS4 or PS5.
JIT disabled
FW ?6.00-9.60? - Immediate overflow/underflow in JSC SBFX (CVE-2024-27833) leading to arbitrary code execution
See also [3].
FW ?6.00-8.60? - JSC::DFG::clobberize() needs to be more precise with the *ByOffset nodes (CVE-2023-41993) leading to arbitrary RW
See also [4].
FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW
See also [5].
Memory exhausted but not corrupted
FW 6.00-9.60 - Unknown heap and string overflow (no CVE) leading to a crash
See also [6].
Patched
Yes, on PS4 FW 12.00 and PS5 FW 10.00.
Tested
Tested and working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60.