6,264
edits
Changes
Jump to navigation
Jump to search
Line 193:
Line 193: − − === ARM11 system applications and applets === Line 201:
Line 199: − + − + − Line 220:
Line 217: + + + + + + + + + + +
no edit summary
=== ARM11 system modules ===
=== ARM11 system modules ===
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Successful exploitation result
! Successful exploitation result
! Fixed in system version
! Fixed in system version
! Last FIRM version this flaw was checked for
! Last system version this flaw was checked for
! Timeframe this was discovered
! Timeframe this was discovered
|-
|-
| gspwn
| gspwn
| GSP module does not validate addresses given to the GPU. This allows a user-mode game to read/write to a large part of physical FCRAM using GPU DMA. From this, you can overwrite the .text segment of the game you're running under, and gain real code-execution from a ROP-chain.
| GSP module does not validate addresses given to the GPU. This allows a user-mode application/applet to read/write to a large part of physical FCRAM using GPU DMA. From this, you can overwrite the .text segment of the application you're running under, and gain real code-execution from a ROP-chain. Normally applets' .text([[Home Menu]], [[Internet Browser]], etc) is located beyond the area accessible by the GPU, except for [[RO_Services|CROs]] used by applets([[Internet Browser]] for example).
| User-mode code execution.
| User-mode code execution.
| None
| None
| [[9.4.0-21]]
| [[9.4.0-21]]
|
|
|}
=== ARM11 system applications and applets ===
{| class="wikitable" border="1"
|-
! Summary
! Description
! Successful exploitation result
! Fixed in system version
! Last system version this flaw was checked for
! Timeframe this was discovered
|-
|-
| 3DS [[System Settings]] DS profile string stack-smash
| 3DS [[System Settings]] DS profile string stack-smash