An 18-year-old vulnerability gains attention in the PS5 & PS4 jailbreak community



Jailbreaking is the act of exploiting vulnerabilities in an OS so that software can run with administrator privileges. It has become a hot topic that a vulnerability reported 18 years ago could be used to jailbreak the PlayStation 4 (PS4) and PlayStation 5 (PS5).

Is an 18-year old vulnerability the key to the next PS5/PS4 Jailbreak? - Wololo.net
https://wololo.net/2024/02/01/is-an-18-year-old-vulnerability-the-key-to-the-next-ps5-ps4-jailbreak/

At the end of January 2024, the 18-year-old vulnerability CVE-2006-4304 began attracting attention in the PS4 and PS5 jailbreak community, after it was pointed out that CVE-2006-4304 could be used to jailbreak the firmware of the PS4 and PS5.

However, many users in the hacking community pointed out that "there is no way a vulnerability reported in FreeBSD version 4, 18 years ago, still exists on the PS4 and PS5, which are based on FreeBSD version 9 or later."



A proof of concept (PoC) file was published on GitHub to show that CVE-2006-4304 remains an unfixed vulnerability on the PS4 and PS5, and when we tested it, we confirmed that it can crash the PS4 and PS5. According to reports, CVE-2006-4304 can crash PS4 firmware versions up to 11.00 and PS5 firmware versions up to 8.20.



Details of CVE-2006-4304 are on the following page. A buffer overflow in FreeBSD versions 4.11 to 6.1 allows remote attackers to cause a denial of service (panic) via manipulated Link Control Protocol (LCP) packets.

CVE-2006-4304 : Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD
https://www.cvedetails.com/cve/CVE-2006-4304/
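To show the class of bounds check such a bug hinges on, here is an illustrative LCP option (TLV) walker, added as an example; it is not the FreeBSD sppp code or the PoC the article refers to, and the sample packets in it are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>

/* Illustrative LCP option walker (added example, not FreeBSD's sppp code).
 * Each LCP option is laid out as Type (1 byte), Length (1 byte, counting
 * the two header bytes as well), then Length-2 bytes of data. */
#define LCP_OPT_HDR 2

/* Walks the options in buf[0..len), storing up to max option types.
 * Returns the number of options seen, or -1 if the packet is malformed. */
int lcp_walk_options(const uint8_t *buf, size_t len, uint8_t *types, size_t max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        if (len - off < LCP_OPT_HDR)
            return -1;                      /* truncated option header */

        uint8_t type   = buf[off];
        uint8_t optlen = buf[off + 1];

        /* A length shorter than the header would never advance (or would
         * walk backwards); a length past the packet end would read outside
         * the buffer. Both are rejected before the option is touched. */
        if (optlen < LCP_OPT_HDR || optlen > len - off)
            return -1;

        if ((size_t)n < max)
            types[n] = type;
        n++;
        off += optlen;                      /* cannot overshoot len here */
    }
    return n;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t sample_good[]     = {1, 4, 0x05, 0xDC,             /* MRU 1500 */
                                          5, 6, 0xAA, 0xBB, 0xCC, 0xDD}; /* magic number */
static const uint8_t sample_overlong[] = {1, 4, 0x05};        /* claims 4, only 3 left */
static const uint8_t sample_zero[]     = {1, 0, 0x05, 0xDC};  /* zero length, no progress */
```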



CVE-2006-4304 lies in a code area that Andy Nguyen, also known as 'TheFloW', a security researcher at Google famous for hacking the PlayStation, has been investigating for many years. It has therefore been suggested that CVE-2006-4304 may be used in the exploit that TheFloW reported to HackerOne and received a bounty for.

Wololo.net, a blog that covers game-related jailbreaks, says, "At first, we ignored reports about this vulnerability, thinking it was a hoax. However, a proof of concept file was circulating, and we changed our minds as we saw several people reporting success in crashing their PS4 and PS5. Crashing alone does not indicate a vulnerability, but it is clearly something worth further investigation."

On the other hand, Wololo.net says, "In my opinion, if a reported vulnerability has already been fixed on some system, it is usually unlikely that that system will crash due to the same vulnerability. In our experience, most bug fixes are aimed at handling error cases gracefully. Although the crash is not an exploit, it is very interesting that this code actually crashes the PS4 and PS5." A likely explanation, the blog adds, is that "it's not an old bug that surfaced, but a new bug (or a similar bug) that happened to be triggered by following a similar path in the codebase."



Wololo.net also notes, "What's interesting is that with some firmware the system doesn't crash. This means Sony has either fixed some issue with the latest firmware or changed the code in that area," pointing out that it is puzzling that some firmware versions do not crash when CVE-2006-4304 is triggered.

As for whether CVE-2006-4304 is a vulnerability that can be exploited to jailbreak the PS4 and PS5, Wololo.net says, "It is still too early to judge, but it looks like something of great interest to the jailbreak community."

in Software,   Game,   Security, Posted by logu_ii