Changes

428 bytes added, 03:10, 12 January 2015
no edit summary
Line 193: Line 193:     
=== ARM11 system modules ===
 
=== ARM11 system modules ===
  −
=== ARM11 system applications and applets  ===
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
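Review bot: The revision carries no edit summary, and removing the "=== ARM11 system applications and applets ===" heading at this position leaves the table that follows sitting under "ARM11 system modules". State in the summary that the rows below are being reclassified as system-module flaws, so that someone reading the history does not take the deleted heading for an accidental removal.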
Line 201: Line 199:  
!  Successful exploitation result
 
!  Successful exploitation result
 
!  Fixed in system version
 
!  Fixed in system version
!  Last FIRM version this flaw was checked for
+
!  Last system version this flaw was checked for
 
!  Timeframe this was discovered
 
!  Timeframe this was discovered
 
|-
 
|-
 
| gspwn
 
| gspwn
| GSP module does not validate addresses given to the GPU. This allows a user-mode game to read/write to a large part of physical FCRAM using GPU DMA. From this, you can overwrite the .text segment of the game you're running under, and gain real code-execution from a ROP-chain.
+
| GSP module does not validate addresses given to the GPU. This allows a user-mode application/applet to read/write to a large part of physical FCRAM using GPU DMA. From this, you can overwrite the .text segment of the application you're running under, and gain real code-execution from a ROP-chain. Normally applets' .text([[Home Menu]], [[Internet Browser]], etc) is located beyond the area accessible by the GPU, except for [[RO_Services|CROs]] used by applets([[Internet Browser]] for example).
 
   
| User-mode code execution.
 
| User-mode code execution.
 
| None
 
| None
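Review bot: Renaming the header from "Last FIRM version this flaw was checked for" to "Last system version this flaw was checked for" changes what the column means, so any value already entered in that column should be confirmed to be a system version rather than a FIRM version before this is saved. In the reworded gspwn description, the added last sentence is missing a space before each opening parenthesis ("applets' .text([[Home Menu]]" and "applets([[Internet Browser]]") and links [[Internet Browser]] twice. Suggest "applets' .text ([[Home Menu]], [[Internet Browser]], etc.)" and dropping the second link.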
Line 220: Line 217:  
| [[9.4.0-21]]
 
| [[9.4.0-21]]
 
|  
 
|  
 +
|}
 +
 +
=== ARM11 system applications and applets  ===
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Summary
 +
!  Description
 +
!  Successful exploitation result
 +
!  Fixed in system version
 +
!  Last system version this flaw was checked for
 +
!  Timeframe this was discovered
 
|-
 
|-
 
| 3DS [[System Settings]] DS profile string stack-smash
 
| 3DS [[System Settings]] DS profile string stack-smash
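Review bot: The new "ARM11 system applications and applets" table repeats the six header cells of the table closed just above it, so a later header change (such as the "FIRM version" to "system version" rename made in this same revision) has to be applied in both places. It is worth checking that the two header rows stay identical. The re-added heading also keeps the double space before the closing "===" ("applets  ==="), which can be reduced to a single space.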