Summary: A critical vulnerability known as KartLANPwn (CVE-2024-45200) has been discovered in Mario Kart 8 Deluxe, allowing potential remote code execution during multiplayer sessions. The flaw, found in Nintendo’s Pia P2P networking library, could enable attackers to gain control over players’ consoles through crafted data packets.
Threat Actor: Unknown | unknown
Victim: Nintendo | Nintendo
Key Points:
- The vulnerability allows remote code execution through a memory corruption issue during LAN multiplayer sessions.
- A Proof-of-Concept (PoC) script demonstrates how attackers can exploit the flaw by manipulating packet lengths.
- Nintendo released a patch (v3.0.3) to address the issue, which players must install to secure their consoles.
A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution (RCE) during multiplayer sessions. Discovered by security researcher @regginator, the flaw stems from incorrect usage of Nintendo’s proprietary Pia P2P networking library, which the game uses for both local (LAN/LDN) and online (NEX) multiplayer functionality.
KartLANPwn exploits a memory corruption issue in how the game handles data during the “browse-reply” process in LAN multiplayer. By crafting a special packet, hackers could potentially execute code on your console, granting them access to sensitive information or even full control of your device.
The vulnerability resides in the Pia library, a proprietary networking tool used by several Nintendo Switch games. In LAN play, a host console sends a “browse-reply” packet to other players on the network. By manipulating the length of this packet, attackers could overflow a buffer and execute arbitrary code.
The researcher has provided a Proof-of-Concept (PoC) Python script that acts as a fake room host. When a player opens the LAN Play menu, their console sends a browse request to the network. The attacker’s script then replies with a specially crafted packet, designed to crash the game. The PoC serves as a demonstration of the exploit’s power, emphasizing how easily an attacker on the same local network can target players in a seemingly benign multiplayer session.
The CVE-2024-45200 vulnerability affects all versions of Mario Kart 8 Deluxe up to and including:
- v3.0.1 for the global release
- v3.0.2 for the China/Tencent release
Nintendo swiftly responded to this critical security issue, releasing a patch in v3.0.3 for all regions except China on September 11, 2024. The fix was later extended to the Tencent version in China on September 27, 2024, securing all versions of the game globally. This update addresses the buffer overflow issue in the Pia networking library, ensuring that outBufSize does not exceed the size of the output buffer.
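The bug class described above (a declared length field trusted when copying into a fixed-size output buffer) and the nature of the fix (bounding outBufSize by the destination's capacity) can be shown side by side. The following C code is an added example, not Pia's code or the researcher's PoC; the wire layout (a two-byte big-endian length followed by the payload), the function names and the buffer size are all hypothetical, chosen only to illustrate the missing check and its repair.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout (NOT Pia's real format, constructed for illustration):
 *   bytes 0..1 : big-endian declared payload length (plays the role of outBufSize)
 *   bytes 2..  : payload
 */
#define REPLY_BUF_SIZE 64

typedef struct {
    uint8_t data[REPLY_BUF_SIZE]; /* fixed-size output buffer */
    size_t  len;                  /* bytes actually stored */
} browse_reply_t;

/* Vulnerable pattern, kept only for contrast: the declared length is checked
 * against the bytes received, but never against the capacity of out->data.
 * A declared length larger than REPLY_BUF_SIZE makes memcpy write past the
 * end of the output buffer. Never feed untrusted packets to this function. */
static int parse_reply_unchecked(const uint8_t *pkt, size_t pkt_len, browse_reply_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2) return -1;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2) return -1;  /* only the *input* bound is checked */
    memcpy(out->data, pkt + 2, declared);   /* no check against REPLY_BUF_SIZE */
    out->len = declared;
    return 0;
}

/* Hardened pattern: the declared length must fit BOTH the bytes received and
 * the destination buffer. Rejecting (rather than truncating) keeps a malformed
 * peer from silently producing a partial reply. */
static int parse_reply_checked(const uint8_t *pkt, size_t pkt_len, browse_reply_t *out)
{
    if (pkt == NULL || out == NULL || pkt_len < 2) return -1;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2) return -1;          /* truncated packet */
    if (declared > sizeof out->data) return -1;     /* the check the fix adds */
    memcpy(out->data, pkt + 2, declared);
    out->len = declared;
    return 0;
}

/* Constructed sample: 3-byte payload, declared length 3. Both parsers accept it,
 * which is why a bug like this survives ordinary play testing. */
int sample_benign_accepted(void)
{
    const uint8_t pkt[] = { 0x00, 0x03, 'a', 'b', 'c' };
    browse_reply_t r;
    memset(&r, 0, sizeof r);
    if (parse_reply_checked(pkt, sizeof pkt, &r) != 0) return 0;
    return r.len == 3 && memcmp(r.data, "abc", 3) == 0;
}

/* Constructed sample: declared length 200 with 200 payload bytes really present,
 * so the input-length check passes but the destination (64 bytes) cannot hold
 * it. The hardened parser must reject it; the unchecked one would overflow. */
int sample_oversized_rejected(void)
{
    uint8_t pkt[2 + 200];
    pkt[0] = 0x00;
    pkt[1] = 200;
    memset(pkt + 2, 'A', 200);
    browse_reply_t r;
    memset(&r, 0, sizeof r);
    return parse_reply_checked(pkt, sizeof pkt, &r) == -1;
}

/* Sanity check of the unchecked parser on in-bounds input only. */
int sample_unchecked_on_benign(void)
{
    const uint8_t pkt[] = { 0x00, 0x01, 'x' };
    browse_reply_t r;
    memset(&r, 0, sizeof r);
    return parse_reply_unchecked(pkt, sizeof pkt, &r) == 0 && r.len == 1 && r.data[0] == 'x';
}

int main(void)
{
    printf("benign reply accepted by hardened parser:   %d\n", sample_benign_accepted());
    printf("oversized reply rejected by hardened parser: %d\n", sample_oversized_rejected());
    printf("unchecked parser on benign input:            %d\n", sample_unchecked_on_benign());
    return 0;
}
```

The second sample is the important one: it passes every check the vulnerable version performs, so only a comparison against the output buffer's capacity (the check the v3.0.3 patch is described as adding) stops the copy. When reviewing network parsers for this class of bug, look for every length that originates on the wire and confirm it is bounded by the destination, not just by the received byte count.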
If you are a player of Mario Kart 8 Deluxe, the most important step is to ensure your game is updated to the latest version (v3.0.3). Without this patch, your console remains vulnerable to this highly critical exploit, especially in local multiplayer settings like LAN Play.