CVE-2024-45200 in Mario Kart 8 Deluxe (KartLANPwn)
Summary
by MITRE • 09/30/2024
In Nintendo Mario Kart 8 Deluxe before 3.0.3, the LAN/LDN local multiplayer implementation allows a remote attacker to exploit a stack-based buffer overflow upon deserialization of session information via a malformed browse-reply packet, aka KartLANPwn. The victim is not required to join a game session with an attacker. The victim must open the "Wireless Play" (or "LAN Play") menu from the game's title screen, and an attacker nearby (LDN) or on the same LAN network as the victim can send a crafted reply packet to the victim's console. This enables a remote attacker to obtain complete denial-of-service on the game's process, or potentially, remote code execution on the victim's console. The issue is caused by incorrect use of the Nintendo Pia library,
Analysis
by VulDB Data Team • 10/01/2024
The vulnerability identified as CVE-2024-45200 represents a critical security flaw in Nintendo Mario Kart 8 Deluxe affecting versions prior to 3.0.3. This issue resides within the game's local area network and local direct network multiplayer implementation, specifically within the session information deserialization process. The vulnerability operates through a stack-based buffer overflow that occurs when the game processes malformed browse-reply packets, creating what security researchers have termed the KartLANPwn exploit. The flaw demonstrates characteristics consistent with CWE-121, stack-based buffer overflow, where insufficient bounds checking allows malicious data to overwrite adjacent memory locations, potentially leading to arbitrary code execution or complete denial-of-service conditions.
The attack vector is particularly concerning because of its accessibility and the minimal interaction required from the victim. Rather than requiring the target to join a session, the vulnerability can be triggered as soon as the victim opens the Wireless Play or LAN Play menu from the game's title screen. The attacker need only be on the same local network, or nearby via local direct network connectivity, to send a crafted reply packet to the vulnerable deserialization routine. The flaw lies in the game's use of the Nintendo Pia library, which handles network communication and session management for multiplayer functionality. Because the bug sits at the network protocol level, it can be exploited without the victim joining a game or accepting any network connection beyond browsing for sessions.
The operational impact of CVE-2024-45200 extends beyond simple denial-of-service conditions to potentially enable complete remote code execution on the victim's console. When a malicious packet is received and processed, the buffer overflow can corrupt critical memory structures, potentially allowing an attacker to redirect execution flow or inject malicious code. The attack scenario aligns with ATT&CK technique T1210, exploitation of remote services, and demonstrates how network-based vulnerabilities in gaming applications can provide attackers with significant control over user devices. The fact that no active game session participation is required makes this vulnerability particularly dangerous in public gaming environments or shared network spaces where multiple users might be running the vulnerable game version.
Mitigation should focus on prompt deployment of the official update through Nintendo's channels, since version 3.0.3 addresses this issue; users and network administrators should ensure the game on every console is updated to 3.0.3 or later. Network segmentation and firewall rules that restrict unnecessary traffic between gaming devices add a further layer of protection. The vulnerability underlines the importance of input validation and bounds checking in network communication libraries, particularly those that deserialize peer-supplied data. Security professionals should watch for similar issues in other Nintendo titles that use the Pia library, since a flaw in the shared networking implementation could affect multiple games on the platform. Network-based intrusion detection can also help by flagging anomalous packet patterns in local session-discovery traffic that might indicate exploitation attempts.
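To make the CWE-121 pattern described in the analysis concrete, and the bounds checking the mitigation paragraph calls for, here is an added illustration in C. It is not code from the advisory or from Nintendo's Pia library: the packet layout (type byte, name length, name bytes, player count) and the `NAME_MAX` limit are hypothetical, chosen only to show an unchecked deserializer beside a checked one; the real browse-reply format is not described on this page.

```c
/* Added illustration, not code from the advisory or Nintendo's Pia library.
 * Hypothetical, simplified browse-reply layout used only to show CWE-121 in
 * a deserialiser (the real Pia wire format is not on this page):
 * [0]=type (0x02), [1]=name_len, [2..2+name_len)=name, then 1 byte players. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_MAX 16

typedef struct {
    char    name[NAME_MAX];   /* session name, NUL-terminated */
    uint8_t players;
} session_info_t;

/* Vulnerable shape (never called here): the copy length comes straight from
 * the peer, so name_len > NAME_MAX overwrites the stack past `name` (CWE-121). */
int parse_unchecked(const uint8_t *pkt, session_info_t *out)
{
    uint8_t name_len = pkt[1];
    memcpy(out->name, pkt + 2, name_len);   /* no bound on name_len */
    return 0;
}

/* Hardened shape: every wire-supplied length is checked against both the
 * received byte count and the destination buffer before any copy. */
int parse_checked(const uint8_t *pkt, size_t len, session_info_t *out)
{
    /* header present, correct type, and room for the name plus a NUL */
    if (len < 3 || pkt[0] != 0x02 || pkt[1] >= NAME_MAX) return -1;
    size_t name_len = pkt[1];
    if (name_len + 3 > len) return -1;      /* packet shorter than it claims */
    memset(out, 0, sizeof *out);            /* zero-fill also NUL-terminates */
    memcpy(out->name, pkt + 2, name_len);
    out->players = pkt[2 + name_len];
    return 0;
}

/* Builds a constructed reply whose name is name_len 'A's and 3 players, runs
 * parse_checked on it; returns 3 when accepted and -1 when rejected. */
int decode_sample(uint8_t name_len)
{
    uint8_t pkt[260] = {0x02, name_len};
    memset(pkt + 2, 'A', name_len);
    pkt[2 + name_len] = 3;
    session_info_t s;
    return parse_checked(pkt, (size_t)name_len + 3, &s) == 0 ? s.players : -1;
}
```

A name of 15 bytes is the longest the checked parser accepts; 16 or more, or a packet shorter than its own length field claims, is rejected before any copy happens.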