Jump to content

PS5 Jailbreak News: Kernel Heap Overflow disclosed


xHARDHeMPuS
 Share

Recommended Posts

  • Administrator

PS5 Jailbreak News: Kernel Heap Overflow disclosed 

  • m00nbsd has disclosed a PS5 Kernel vulnerability, via the HackerOne bug bounty platform

HackerOne Official Link: https://hackerone.com/reports/1350653

 

CODE

static int
pppoe_send_padr(struct pppoe_softc *sc)
{
	[...]

	/* Compute packet length. */
	len = sizeof(struct pppoetag);
	if (sc->sc_service_name != NULL) {
		l1 = strlen(sc->sc_service_name);
		len += l1;
	}
	if (sc->sc_ac_cookie_len > 0) {
		len += sizeof(struct pppoetag) + sc->sc_ac_cookie_len;
	}
	if (sc->sc_relay_sid_len > 0) {
		len += sizeof(struct pppoetag) + sc->sc_relay_sid_len;
	}
	len += sizeof(struct pppoetag) + sizeof(sc->sc_id);
	if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) {
		len += sizeof(struct pppoetag) + 2;
	}

	/* Allocate packet. */
	m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
	if (m0 == NULL)
		return ENOBUFS;

	/* Fill in packet. */
	[...]
}

static struct mbuf *
pppoe_get_mbuf(size_t len)
{
	struct mbuf *m;

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return NULL;
	if (len + sizeof(struct ether_header) > MHLEN) {
		MCLGET(m, M_DONTWAIT);
		if ((m->m_flags & M_EXT) == 0) {
			m_free(m);
			return NULL;
		}
	}
	m->m_data += sizeof(struct ether_header);
	m->m_len = len;
	m->m_pkthdr.len = len;
	m_reset_rcvif(m);

	return m;
}

 

🔰  Programmer: C++ / C# / VB / JAVA / IDA
🎮 Games & Applications / Websites Developer 
🎥 YouTuber: HazerMods

🔵 Twitter: @xHARDHeMPuS

🔴 Instagram: @xhardhempuss

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share



×
×
  • Create New...

It looks like you're using an ad blocker. That's okay.  

But without advertising-income, we can't keep making this site awesome.

Ok! I have disabled my ad blocker.