Bugs
Latest revision as of 23:49, 13 December 2024
The PS5 has bugs. Some bugs can lead to Vulnerabilities. Others lead to nothing useful (yet) but can serve as examples of what not to do.
WebKit
Untested
Untested - mmap issue involving pointer address misalignment leading to nothing for now
Credits
- Jasmine, working for Sony, for information through a WebKit commit (2022-10-19)
Analysis
- https://bugs.webkit.org/show_bug.cgi?id=246763
Bug Description
There is an mmap issue involving pointer address misalignment, surfaced by a failing assert. The workaround is to set the HAVE_MAP_ALIGNED flag to OFF in OptionsPlayStation.cmake: [1]. The workaround can be reverted once the underlying mmap issue is resolved; at the time of writing it is still enabled: [2]
OptionsPlayStation.cmake is present in the PS4 11.00 OSS WebKit source code but does not contain the HAVE_MAP_ALIGNED flag. Judging by the dates (the commit is from 2022-10-19), this may concern only the PS5.
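As an added illustration, not code from WebKit, from Sony or from this page, the following C program shows the two allocation strategies a HAVE_MAP_ALIGNED-style build switch selects between, and the alignment check whose failure is the kind of assert described above. The function names (map_aligned_kernel, map_aligned_fallback, demo_aligned_map) are hypothetical. The kernel path uses the BSD MAP_ALIGNED(n) mmap flag and is only compiled where that flag exists; on Linux it reports "unavailable" and the fallback path (over-allocate, then unmap the slack) is used, which is what turning the flag OFF forces:

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Non-zero when p sits on an `alignment` boundary (alignment must be a power of two). */
int is_aligned(const void *p, size_t alignment) {
    return ((uintptr_t)p & (uintptr_t)(alignment - 1)) == 0;
}

/* Strategy 1 (what a HAVE_MAP_ALIGNED=ON build stands for): ask the kernel for an
 * aligned address via the BSD MAP_ALIGNED(n) flag. Only compiled where the flag
 * exists; on Linux this function simply returns NULL ("unavailable"). */
void *map_aligned_kernel(size_t size, size_t alignment) {
#ifdef MAP_ALIGNED
    int shift = 0;                       /* MAP_ALIGNED takes log2(alignment) */
    while (((size_t)1 << shift) < alignment)
        shift++;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_ALIGNED(shift), -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    /* If the kernel ignores the hint, this is where a debug assert would fire;
     * here we fail soft so the caller can fall back instead. */
    if (!is_aligned(p, alignment)) {
        munmap(p, size);
        return NULL;
    }
    return p;
#else
    (void)size;
    (void)alignment;
    return NULL;
#endif
}

/* Strategy 2 (what HAVE_MAP_ALIGNED=OFF forces): over-allocate by `alignment`,
 * find the first aligned address inside the mapping, and unmap the slack before
 * and after it. Works with any mmap implementation, at the cost of extra syscalls. */
void *map_aligned_fallback(size_t size, size_t alignment) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (alignment < page)
        alignment = page;
    size = (size + page - 1) & ~(page - 1);          /* whole pages only */
    size_t total = size + alignment;
    char *raw = mmap(NULL, total, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (raw == MAP_FAILED)
        return NULL;
    uintptr_t start = ((uintptr_t)raw + alignment - 1) & ~(uintptr_t)(alignment - 1);
    char *aligned = (char *)start;
    size_t head = (size_t)(aligned - raw);
    size_t tail = total - head - size;
    if (head)
        munmap(raw, head);
    if (tail)
        munmap(aligned + size, tail);
    return aligned;
}

/* Map `size` bytes at `alignment`, preferring the kernel path, verify the result,
 * touch every byte (so a wrongly trimmed mapping faults here rather than later),
 * and return 1 on success, 0 on failure. */
int demo_aligned_map(size_t size, size_t alignment) {
    void *p = map_aligned_kernel(size, alignment);
    if (!p)
        p = map_aligned_fallback(size, alignment);
    if (!p)
        return 0;
    int ok = is_aligned(p, alignment);
    memset(p, 0xAB, size);
    ok = ok && ((unsigned char *)p)[size - 1] == 0xAB;
    munmap(p, size);
    return ok;
}

int main(void) {
    size_t aligns[] = { 4096, 65536, 1u << 20 };
    for (size_t i = 0; i < sizeof aligns / sizeof aligns[0]; i++)
        printf("alignment %zu: %s\n", aligns[i],
               demo_aligned_map(8192, aligns[i]) ? "ok" : "FAILED");
    return 0;
}
```

The check in map_aligned_kernel is the point of the example: a build that trusts MAP_ALIGNED and asserts on the returned address will abort if the platform's mmap does not honour the alignment request, whereas the fallback never depends on the kernel's placement and only on munmap of page-aligned sub-ranges.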
Exploit Implementation
Patched
Unknown (possibly).
Tested
Not tested yet on either PS4 or PS5.
JIT disabled
FW ?6.00-9.60? - Immediate overflow/underflow in JSC SBFX (CVE-2024-27833) leading to arbitrary code execution
See also [3].
FW ?6.00-8.60? - JSC::DFG::clobberize() needs to be more precise with the *ByOffset nodes (CVE-2023-41993) leading to arbitrary RW
See also [4].
FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW
See also the PS4 entry: https://www.psdevwiki.com/ps4/Bugs#FW_10.00-11.02_-_JSC_DFG_Abstract_Intepreter_clobberWorld_Type_Confusion_(no_CVE)_leading_to_crash
Memory exhausted but not corrupted
FW 6.00-9.60 - Unknown heap and string overflow (no CVE) leading to crash
See also [6].
Patched
Yes, on PS4 FW 12.00 and PS5 FW 10.00.
Tested
Tested and working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60.