Specifically, CTurt mentions that these can be used to leak information from the stack guard, potentially allowing it to be bypassed. Those of you who’ve been following the scene closely will probably remember a libxml2 vulnerability revealed recently, which was deemed useless because of stack protection. Specifically, we wrote: FreeBSD has had Stack Protector baked in since FreeBSD 8.0, meaning that this vulnerability (if confirmed on PS4) would be useless on its own (Unless some other exploit could help bypass stack protection?).
Doesn’t this look like an interesting coincidence to you? Or is it likely that CTurt is sending a red blinking signal to the PS4 scene? There’s of course a long way between a security article on FreeBSD and claiming victory for a hack on the PS4 3.50. Hackers would need to confirm that the FreeBSD implementation on the PS4 actually uses the compatibility layers, then port CTurt’s proof of concept to the PS4, and then couple that with an actual stack overflow… Easy as pie?