PS5: Kernel Heap Overflow disclosed

9 Responses

  1. JoeBidenOK says:

    First

  2. Not a Pirat! says:

    we want a 9.03 for PIRACY* better to back up our fcking games and play newer games and mod the games like ER.

    *see as a joke

  3. Eric Cartman says:

    9.03 Bad luck again

  4. Vovik says:

    Waiting for the ps5 hack

  5. Haha nice but you’ll never break our sandbox

  6. xbox one>pc says:

    luckily I don't have ps5 or xsx or switch

  7. Nightfury says:

    So in conclusion: I must update my ps4 since I’m still on 9.03 and haven’t touched it since I bought my PS5 (idc about the jailbreak on it). And just forget about it.

  8. FW Checker says:

    It sucks that a new PS5 ships with 4.50 (or newer soon) but nothing to do but let it wait until a good jailbreak emerges. I don’t envy the hackers, poor guys who mostly get *** from the ones demanding newer hacks. I believe they will come through in the end though.

  9. THz says:

    Abstract
    ========
    A vulnerability has been discovered in the processing of PPPoE
    discovery phase packets. A malicious host on the same network
    (within the same broadcast domain) could cause a NetBSD machine
    trying to initiate a PPPoE session to overwrite memory outside
    of the allocated bounds.

    Technical Details
    =================
    During establishment of a new PPPoE session the client broadcasts
    discovery packets on the local network and awaits offer packets from
    potential PPPoE servers. If the client receives multiple offers,
    it picks one and continues session establishment only with that
    server.

    Due to bugs in the processing of the offer packets, a malicious
    server could send multiple offers and details from the offer would
    be accumulated into a single answer packet. Due to this accumulation
    it was possible to overrun some size limits inherently asserted
    by the PPPoE standard. This bug triggered a second bug that caused an
    mbuf cluster to be allocated even for sizes that do not fit into
    a fixed size cluster. When creating an answer packet the bounds
    of the allocated mbuf cluster then were not honored and data was written
    outside the allocated memory area. This would cause memory corruption
    in the mbuf cluster pool, with unclear consequences. The content of
    the overwritten data areas was under control of the attacker.

    Solutions and Workarounds
    =========================
    The attack can only happen while a PPPoE session is being established.
    During session lifetime or when no pppoe(4) interface is active, the
    malicious packets are ignored by the kernel.
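The offer-accumulation and cluster-bounds problem the advisory describes, modelled as an added C example (hypothetical code written for this page, not NetBSD's pppoe(4) implementation): it assumes a 2048-byte fixed-size cluster and a 1494-byte PPPoE payload limit, and shows an answer builder that takes tags from the first offer only and bounds-checks every TLV copy, so two standard-size offers can no longer add up to more than one cluster.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the bug class in the advisory above; hypothetical
 * code, not NetBSD's pppoe(4). Sizes are assumptions chosen for the demo. */
#define CLUSTER_SIZE 2048        /* assumed fixed-size mbuf cluster */
#define PPPOE_MAX_PAYLOAD 1494   /* assumed: 1500 MTU minus 6-byte PPPoE header */
#define TAG_END_OF_LIST 0x0000   /* PPPoE End-Of-List tag type */

struct offer { const uint8_t *tags; size_t len; };        /* one PADO's tag area */
struct answer { uint8_t buf[CLUSTER_SIZE]; size_t len; }; /* stands in for a cluster */

/* Write one tag (type, length, then vlen zero bytes) into out; returns its size.
 * Used only to construct sample offers for the demo. */
size_t make_offer(uint8_t *out, uint16_t type, size_t vlen)
{
    out[0] = (uint8_t)(type >> 8); out[1] = (uint8_t)type;
    out[2] = (uint8_t)(vlen >> 8); out[3] = (uint8_t)vlen;
    memset(out + 4, 0, vlen);
    return 4 + vlen;
}

/* Hardened: use the first offer only (later offers are ignored instead of
 * accumulated), walk its TLV tags, and reject any tag whose declared length
 * runs past the offer or whose copy would overrun the answer buffer.
 * Returns the number of tags copied, or -1 if the offer is rejected. */
int build_answer(struct answer *a, const struct offer *offers, size_t n)
{
    a->len = 0;
    if (n == 0 || offers[0].len > PPPOE_MAX_PAYLOAD)  /* violates PPPoE limit */
        return -1;
    const uint8_t *p = offers[0].tags, *end = p + offers[0].len;
    int copied = 0;
    while ((size_t)(end - p) >= 4) {
        uint16_t type = (uint16_t)((p[0] << 8) | p[1]);
        size_t tlen = (size_t)((p[2] << 8) | p[3]);
        if (type == TAG_END_OF_LIST)
            break;
        if (tlen > (size_t)(end - p) - 4)             /* truncated tag */
            return -1;
        if (4 + tlen > sizeof(a->buf) - a->len)       /* would overrun cluster */
            return -1;
        memcpy(a->buf + a->len, p, 4 + tlen);
        a->len += 4 + tlen;
        copied++;
        p += 4 + tlen;
    }
    return copied;
}
```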