Bugs
The PS5 has bugs. Some bugs can lead to vulnerabilities. Others lead to nothing useful (yet) but can serve as examples of what not to do.
WebKit
Untested
Untested - mmap issue involving pointer address misalignment leading to nothing for now
Credits
- Jasmine, working for Sony, for information through a WebKit commit (2022-10-19)
Analysis
Bug Description
There is an mmap issue involving pointer address misalignment caused by a failing assert here. A workaround is to set the HAVE_MAP_ALIGNED flag to OFF in OptionsPlayStation.cmake: [1]. This workaround can be reverted once the mmap issue is resolved. Currently, the workaround is still enabled: [2]
OptionsPlayStation.cmake is present in the PS4 11.00 OSS WebKit source code but does not contain the HAVE_MAP_ALIGNED flag, so judging by the dates, this might concern only the PS5.
Exploit Implementation
Patched
Maybe
Tested
Not yet tested on PS4 or PS5.
JIT disabled
FW ?6.00-9.60? - Immediate overflow/underflow in JSC SBFX (CVE-2024-27833) leading to arbitrary code execution
See also [3].
FW ?6.00-8.60? - JSC::DFG::clobberize() needs to be more precise with the *ByOffset nodes (CVE-2023-41993) leading to arbitrary RW
See also [4].
FW 6.00-8.60 - JSC DFG Abstract Interpreter clobberWorld Type Confusion (no CVE) leading to arbitrary RW
See also [5].
Memory exhausted but not corrupted
FW 6.00-9.60 - Unknown heap and string overflow (no CVE) leading to crash
See also [6].
Patched
Yes on PS4 FW 12.00 and PS5 FW 10.00.
Tested
Tested and working on PS4 FWs 10.00-11.52 and PS5 FWs 6.00-9.60.