[PS5 scene] A new vulnerability has been discovered within the PlayStation 5 console
In a long and detailed article, Synacktiv security researcher Mehdi Talbi (already the author of some discoveries on PlayStation 4 consoles ) has brought to light a new vulnerability that will most likely be exploited on PlayStation 5 consoles .
The vulnerability allows two controlled bytes to be written with an arbitrary offset. However, the offset has a size of 1 byte which limits the perspective of exploitation.
According to the stack layout, the usual targets (saved instruction pointer, saved frame pointer) are out of reach of the allocated vulnerable buffer. However, the pointer hdr
may still be corrupted.
A first proof of concept that could lead to some result would have appeared on the author’s repository , Bhyve is a hypervisor (process that creates and manages virtual machines (VM) for FreeBSD.
The article reported on the Synacktiv site describes how a limited OOB write vulnerability in an adapter emulator can be turned into code execution that allows you to break out of the guest machine.
Source: reddit.com