Changes

289 bytes added, 01:22, 21 January 2015
Line 46: Line 46:  
!  Discovered by
 
!  Discovered by
 
|-
 
|-
|  
+
| firmlaunch-haxx: FIRM header ToCToU
 
| This can't be exploited from ARM11 userland.
 
| This can't be exploited from ARM11 userland.
 +
During [[FIRM]] launch, the only FIRM header the ARM9 uses at all is stored in FCRAM, this is 0x200-bytes(the actual used FIRM RSA signature is read to the Process9 stack however). The ARM9 doesn't expect "anything" besides the ARM9 to access this data.
 
| ARM9 code execution
 
| ARM9 code execution
 
| None
 
| None
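
Review bot: the added description never states the time-of-check/time-of-use gap that the row title "FIRM header ToCToU" names. It says the only FIRM header the ARM9 uses is the 0x200-byte copy in FCRAM and that the ARM9 expects nothing else to access it, but not at which point the header is validated and at which later point it is read again. Suggest adding one sentence naming the check and the later use. The description would also read better placed before "This can't be exploited from ARM11 userland." so the caveat follows the text it qualifies. The first sentence has a comma splice and a missing space: "...is stored in FCRAM. This is 0x200 bytes (the actual used FIRM RSA signature...".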
