Bugs

From PS5 Developer wiki

The PS5 has bugs. Some bugs can lead to Vulnerabilities. Others lead to nothing useful (yet) but can serve as examples of what not to do.

WebKit

Untested

Untested - mmap issue involving pointer address misalignment leading to nothing for now

Credits

  • Jasmine, working for Sony, for information through a WebKit commit (2022-10-19)

Analysis

Bug Description

There is an mmap issue involving pointer address misalignment caused by a failing assert here. A workaround is to set the HAVE_MAP_ALIGNED flag to OFF in OptionsPlayStation.cmake: [1]. This workaround can be reverted once the mmap issue is resolved. Currently, the workaround is still enabled: [2]

OptionsPlayStation.cmake is present in the PS4 11.00 OSS WebKit source code but does not contain the HAVE_MAP_ALIGNED flag; judging by the dates, this might concern only the PS5.
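The following is an added illustration, not code from the wiki or from WebKit, of what an aligned-reservation path looks like when a platform's MAP_ALIGNED-style mmap flag is not used (the effect of turning HAVE_MAP_ALIGNED off is assumed here to be a fallback of this kind). It shows the alignment property that a post-mmap assert checks, and a portable way to satisfy it: over-reserve by one alignment unit, then unmap the slack on both sides so the pointer handed out is always aligned. Function names (is_aligned, reserve_aligned, release_aligned) are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* expose MAP_ANONYMOUS and sysconf on glibc */
#endif
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* True when p is aligned to `alignment` (a power of two). This is the
 * property an alignment assert after mmap verifies; a misaligned result
 * means the allocator's assumptions about the mapping are broken. */
int is_aligned(const void *p, size_t alignment) {
    return ((uintptr_t)p & (alignment - 1)) == 0;
}

/* Portable aligned reservation without a MAP_ALIGNED flag (hypothetical
 * helper): reserve `bytes + alignment`, pick the first aligned address
 * inside the mapping, and unmap the leading and trailing slack.
 * `alignment` must be a power of two and both sizes page multiples.
 * Returns NULL on invalid arguments or mmap failure. */
void *reserve_aligned(size_t bytes, size_t alignment) {
    if (alignment == 0 || (alignment & (alignment - 1)) != 0)
        return NULL;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (alignment % page != 0 || bytes == 0 || bytes % page != 0)
        return NULL;

    size_t total = bytes + alignment;
    char *base = mmap(NULL, total, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;

    /* Round up to the next multiple of `alignment` within the mapping. */
    uintptr_t start = ((uintptr_t)base + alignment - 1) & ~(uintptr_t)(alignment - 1);
    char *aligned = (char *)start;
    size_t lead = (size_t)(aligned - base);
    size_t trail = total - lead - bytes;

    /* Give back the slack so only the aligned window stays mapped. */
    if (lead)
        munmap(base, lead);
    if (trail)
        munmap(aligned + bytes, trail);
    return aligned;
}

/* Release a window obtained from reserve_aligned. */
int release_aligned(void *p, size_t bytes) {
    return munmap(p, bytes);
}

int main(void) {
    size_t mib = (size_t)1 << 20;
    void *p = reserve_aligned(mib, mib);  /* constructed request: 1 MiB aligned to 1 MiB */
    if (!p) {
        puts("reservation failed");
        return 1;
    }
    printf("%p aligned to 1 MiB: %s\n", p, is_aligned(p, mib) ? "yes" : "no");
    release_aligned(p, mib);
    return 0;
}
```

The check in is_aligned is the invariant that matters: an allocator that asserts it and then continues on failure (or has the assert compiled out) would silently hand a misaligned region to code that computes addresses from the alignment, which is exactly the class of mistake the workaround avoids by not relying on the flag at all.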

Exploit Implementation

Patched

Maybe

Tested

Not tested yet on PS4 nor PS5.

JIT disabled

FW ?6.00-9.60? - Immediate overflow/underflow in JSC SBFX (CVE-2024-27833) leading to arbitrary code execution

See also [3].

FW ?6.00-8.60? - JSC::DFG::clobberize() needs to be more precise with the *ByOffset nodes (CVE-2023-41993) leading to arbitrary RW

See also [4].

FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW

See also [5].

Memory exhausted but not corrupted

FW 6.00-9.60 - Unknown heap and string overflow (no CVE) leading to crash

See also [6].

Patched

Yes on PS4 FW 12.00 and PS5 FW 10.00.

Tested

Tested and working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60.