PCSX2 Out-of-Bounds Read Vulnerability in CDVD SCMD Handlers
Vulnerability
An out-of-bounds read vulnerability has been identified in PCSX2, a PlayStation 2 emulator, in versions prior to 2.5.378. The issue arises from an unchecked offset and size passed to a memcpy operation within the CDVD SCMD 0x91 and SCMD 0x8F handlers. Because neither value is validated, a specially crafted disc image or ELF file can cause a read past the end of mg_buffer, and the excess data is mirrored into emulated memory. The vulnerability is triggered by manipulating the MG header fields of an ELF file.
Impact
Exploitation of this vulnerability leads to an out-of-bounds read from emulator memory: data beyond the intended buffer limits becomes readable and is then reflected into the emulated environment, where guest code can observe it.
Remediation
Users can upgrade to PCSX2 version 2.5.378, which addresses the vulnerability by implementing proper bounds checking before memory operations. The latest version is available on the PCSX2 GitHub Releases page.
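The fix described above amounts to validating an attacker-controlled offset/size pair before the memcpy. The following is an added illustration, not PCSX2's own code: the function names, the 64-byte buffer size and the sample bytes are constructed for the demo, and mg_range_naive shows why a check written as "offset + size <= length" is not enough when the operands are 32-bit.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed size for the demo; the real mg_buffer size is not stated on the page. */
#define DEMO_MG_BUFFER_SIZE 64

/* A check of the form "offset + size <= buf_len" looks right but is wrong:
 * with 32-bit operands the sum can wrap, so a huge size still passes. */
int mg_range_naive(size_t buf_len, uint32_t offset, uint32_t size)
{
    return (uint32_t)(offset + size) <= buf_len;
}

/* Correct form: reject an offset past the end, then compare size against the
 * remaining room using subtraction, which cannot wrap. */
int mg_range_ok(size_t buf_len, uint32_t offset, uint32_t size)
{
    if (offset > buf_len)
        return 0;
    return size <= buf_len - offset;
}

/* Copies size bytes from mg_buffer + offset into dst only when the range is in
 * bounds. Returns the number of bytes copied, or 0 when the request is rejected. */
size_t mg_copy_checked(uint8_t *dst, const uint8_t *mg_buffer, size_t buf_len,
                       uint32_t offset, uint32_t size)
{
    if (!mg_range_ok(buf_len, offset, size))
        return 0;
    memcpy(dst, mg_buffer + offset, size);
    return size;
}

/* Demo: a constructed mg_buffer holding its own byte indexes. Returns 1 when a
 * non-empty, in-range copy produced exactly the expected bytes, else 0. */
int demo_copy(uint32_t offset, uint32_t size)
{
    uint8_t mg_buffer[DEMO_MG_BUFFER_SIZE];
    uint8_t dst[DEMO_MG_BUFFER_SIZE] = {0};
    for (size_t i = 0; i < sizeof mg_buffer; i++)
        mg_buffer[i] = (uint8_t)i;
    size_t n = mg_copy_checked(dst, mg_buffer, sizeof mg_buffer, offset, size);
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (dst[i] != (uint8_t)(offset + i))
            return 0;
    return 1;
}
```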