Changes

805 bytes added, 11:21, 22 March 2015
no edit summary
Line 122: Line 122:  
| 2013?
 
| 2013?
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| [[PXI_Registers|PXI]] cmdbuf buffer overrun
 +
| The Process9 code responsible [[PXI_Registers|PXI]] communications didn't verify the size of the incoming command before writing it to a C++ member variable.
 +
| Probably ARM9 code execution
 +
| [[5.0.0-11|5.0.0-11]]
 +
|
 +
| March 2015
 +
| plutoo/[[User:Yellows8|Yellows8]]
 
|-
 
|-
 
| [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]])
 
| [[Application_Manager_Services_PXI|PXIAM]] command 0x003D0108(See also [[Application_Manager_Services|this]])
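Review bot: In the description cell of the new "PXI cmdbuf buffer overrun" row, "The Process9 code responsible [[PXI_Registers|PXI]] communications" is missing "for"; the pxi_id row added in the same revision has the phrase right. The description says the size of the incoming command was not verified before the write to a C++ member variable, but gives neither the size of that member nor the bound the fix enforces, so a reader cannot tell what check was added in [[5.0.0-11|5.0.0-11]]. The cell between the version and "March 2015" is left as a bare "|", and the revision has no edit summary; if that column is intentionally blank, say so in the summary.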
Line 139: Line 147:  
| 2012
 
| 2012
 
| [[User:Yellows8|Yellows8]]
 
| [[User:Yellows8|Yellows8]]
 +
|-
 +
| [[PXI_Registers|PXI]] pxi_id bad check
 +
| The Process9 code responsible for [[PXI_Registers|PXI]] communications read pxi_id as a signed char. There were two flaws:
 +
* They used it as index to a lookup-table without checking the value at all.
 +
* Another function verified that pxi_id < 7, allowing negative values to pass the check. This would also cause an out-of-range table-lookup.
 +
| Maybe ARM9 code execution
 +
| [[3.0.0-5|3.0.0-5]]
 +
|
 +
| March 2015
 +
| plutoo/[[User:Yellows8|Yellows8]]
 
|}
 
|}
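Review bot: The second bullet of the new "pxi_id bad check" row states that "pxi_id < 7" lets negative values pass, but the entry never says what the corrected check is. Since pxi_id is described as read as a signed char, state whether the fix added a lower bound or changed the value to be treated as unsigned. The two bullets describe different functions (one with no check at all, one with only the upper bound), so it is worth stating whether both were fixed in [[3.0.0-5|3.0.0-5]]. "They" in the first bullet has no antecedent; name Process9 or the function instead. As in the other added row, the cell after the version is a bare "|".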