PS4 4.55 BPF Race Condition Kernel Exploit Writeup

March 30, 2018 ~ hucktech

The PS4 4.55/FreeBSD BPF kernel exploit writeup is now up on my GitHub repo! The bug is present on any system running FreeBSD such that you have privileges (which we did on PS4). Could be used on other systems for root to ring0 code execution.https://t.co/irpUCdcfEk

— Specter (@SpecterDev) March 29, 2018

https://twitter.com/cybergibbons/status/979680338006958081

Interesting side note: BPF is also the mechanic that the Spectre/Meltdown PoCs used to get arbitrary code to run in the kernel to trigger the speculative reads, as arbitrary code running in the kernel (albeit jitted) is a feature not a bug when it comes to BPF.

— Graham Sutherland (Polynomial^DSS) ➡️ chaos.social (@gsuberland) March 30, 2018

PS4 4.55 BPF Race Condition Kernel Exploit Writeup
Cryptogenic Update PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I’ve published it under the “FreeBSD” folder and not the “PS4” folder.[…]

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md

Published by hucktech

View all posts by hucktech

Leave a comment Cancel reply

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Android Developers Blog

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

LLVM Project Blog

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Broadcom ConnectedBroadcom Connected

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Blog - NVM Express

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Schneier on Security

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

IBM Product Security Incident Response Team

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Cyber Trust Blog

Blog - Möbius Strip Reverse Engineering

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Executive Platform - Cisco Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Official PC-BSD Blog

Discover the Desktop

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

FreeBSD Foundation

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Oracle Blogs | Oracle Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Oracle Blogs | Oracle Blogs

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Blog - Xen Project

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Planet openSUSE

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Tizen - An open source, standards-based software platform for multiple device categories.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

iXsystems, Inc. – Enterprise Storage & Servers

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

InTelligence Blog

ASSET InterTech

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

coreboot developer blogs

News from coreboot world

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Lenovo EDU Community

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

System76 Blog RSS Feed

Hastily-written news/info on the firmware security/development communities, sorry for the typos.

Just another WordPress.com site

Hastily-written news/info on the firmware security/development communities, sorry for the typos.