PS4 4.55 BPF Race Condition Kernel Exploit Writeup

The PS4 4.55/FreeBSD BPF kernel exploit writeup is now up on my GitHub repo! The bug is present on any system running FreeBSD such that you have privileges (which we did on PS4). Could be used on other systems for root to ring0 code execution.https://t.co/irpUCdcfEk

— Specter (@SpecterDev) March 29, 2018

This isn't a simple exploit – and this writeup is truly exceptional. Well worth a read. https://t.co/EL0GUnXIoO

— Ask Cybergibbons! (@cybergibbons) March 30, 2018

Interesting side note: BPF is also the mechanic that the Spectre/Meltdown PoCs used to get arbitrary code to run in the kernel to trigger the speculative reads, as arbitrary code running in the kernel (albeit jitted) is a feature not a bug when it comes to BPF.

— Graham Sutherland [Polynomial^DSS] (@gsuberland) March 30, 2018