A security researcher has discovered a vulnerability in a driver shared by NetBSD and Sony’s Playstation.  Attackers could possibly inject their

Playstation: Hole in NetBSD driver could allow code smuggling

submited by
Style Pass
2022-05-14 08:00:08

A security researcher has discovered a vulnerability in a driver shared by NetBSD and Sony’s Playstation. Attackers could possibly inject their own code into affected devices with manipulated network packets. Updates are ready.

The IT security researcher, nicknamed m00nbsd, has discovered a vulnerability in the PPPoE driver of the Playstation 4, through which the attacked device, when establishing a connection by receiving several manipulated packets, composes a large response packet and a buffer overflow can occur in the memory outside of the allocated ones borders is overwritten.

According to the description, the attacker controls the size and content of the overwritten areas in the case of this buffer overflow. The vulnerability has received the CVE entry CVE-2022-29867, Sony’s developers classify it as high Risk with a CVSS score of 7.4 a.

The discoverer of the vulnerability writes in his Description on Hackerone, a bug bounty platform, that he suspects that the vulnerability allows malicious code to be injected and executed. And that he found the error with a borrowed Playstation 4, but the Playstation 5 is probably also affected.

Leave a Comment