Bugs: Difference between revisions

From PS5 Developer wiki
Page creation summary: the page was created with the body text shown below (WebKit, Untested, the mmap misalignment section with its Credits, an Analysis section linking https://bugs.webkit.org/show_bug.cgi?id=246763, and the Bug Description).

Change in this revision (line 43 of the page source, in the section "FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW"): the "See also" link target was changed from
https://www.psdevwiki.com/ps4/Bugs#FW_10.00-11.02_-_JSC_DFG_Abstract_Intepreter_clobberWorld_Type_Confusion_(no_CVE)_leading_to_arbitrary_RW
to
https://www.psdevwiki.com/ps4/Bugs#FW_10.00-11.02_-_JSC_DFG_Abstract_Intepreter_clobberWorld_Type_Confusion_(no_CVE)_leading_to_crash

Latest revision as of 23:49, 13 December 2024

The PS5 has bugs. Some bugs can lead to vulnerabilities. Others lead to nothing useful (yet) but can serve as examples of what not to do.

WebKit

Untested

Untested - mmap issue involving pointer address misalignment leading to nothing for now

Credits

  • Jasmine, working for Sony, for information through a WebKit commit (2022-10-19)

Analysis

  • https://bugs.webkit.org/show_bug.cgi?id=246763

Bug Description

There is an mmap issue involving pointer address misalignment, caused by a failing assert here. A workaround is to set the HAVE_MAP_ALIGNED flag to OFF in OptionsPlayStation.cmake: [1]. This workaround can be reverted once the mmap issue is resolved. Currently, the workaround is still enabled: [2]

OptionsPlayStation.cmake is present in the PS4 11.00 OSS WebKit source code but does not contain the HAVE_MAP_ALIGNED flag, so judging by the dates, this might concern only the PS5.

Exploit Implementation

Patched

Maybe

Tested

Not yet tested on PS4 or PS5.

JIT disabled

FW ?6.00-9.60? - Immediate overflow/underflow in JSC SBFX (CVE-2024-27833) leading to arbitrary code execution

See also [3].

FW ?6.00-8.60? - JSC::DFG::clobberize() needs to be more precise with the *ByOffset nodes (CVE-2023-41993) leading to arbitrary RW

See also [4].

FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW

See also [5].

Memory exhausted but not corrupted

FW 6.00-9.60 - Unknown heap and string overflow (no CVE) leading to crash

See also [6].

Patched

Yes on PS4 FW 12.00 and PS5 FW 10.00.

Tested

Tested and working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60.