Changes

Jump to navigation Jump to search

3DS System Flaws (edit)

Revision as of 11:53, 18 December 2020

497 bytes added ,  11:53, 18 December 2020
→‎FIRM Sysmodules
Line 1,017: Line 1,017:  
| July 2017
 
| July 2017
 
| [[User:TuxSH|TuxSH]] (independently), presumably ichfly before  
 
| [[User:TuxSH|TuxSH]] (independently), presumably ichfly before  
 +
|-
 +
| PXI cmdbuf buffer overrun
 +
| Like its Arm9 counterpart, before version [[5.0.0-11|5.0.0-X]], the PXI system module did not check the command sizes. This makes it possible to get ROP under the PXI sysmodule from a pwned Process9.
 +
safecerthax uses it to takeover the Arm11 processor after directly getting remote code execution on the Arm9 side. Though, is useless in classic Arm11 -> Arm9 chains.
 +
| ROP under [[PXI_Services|PXI]]
 +
| probably [[5.0.0-11|5.0.0-X]]
 +
| [[11.14.0-46]]
 +
|
 +
| Everyone
 
|}
 
|}
  
Nba Yoh
28

edits

Retrieved from "https://www.3dbrew.org/wiki/Special:MobileDiff/21363"

Navigation menu