SoylentNews

tonyPick [blogspot.co.uk] writes:

A fascinating article on how to compromise a Linux desktop using Super Nintendo Entertainment System (SNES) processor opcodes [blogspot.co.uk]:

TL;DR: full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error.

The fault is built around the fact that the Linux gstreamer media playback framework supports playback of SNES music files by…. emulating the SNES CPU and audio processor, and the processor emulation has some exploitable vulnerabilities. The author (Chris Evans) then describes the process of working out how to escalate this into a full exploit in complete (and fascinating) detail.

Also, to quote from the article:

As always, the general lack of sandboxing here contributes to the severity. I think we inhabit a world where media parsing sandboxes should be mandatory these days. There’s hope: some of my other recent disclosures appear to have motivated a sandbox for Gnome’s tracker.

The processor in question is The Ricoh 5A22 [wikipedia.org], a derivative of the 6502 processor, built specifically for the SNES.

Original Submission