! Fixed in system version
! Discovered by
|-
| ioctlvhax (ioctlv TOCTOU)
| This flaw is technically in the kernel, but it can be used to exploit a userland module.

It allows changing an ioctlv vector buffer address entry after the kernel has validated it (a time-of-check/time-of-use race). Any module that does not check the number of ioctlv vectors it was given is vulnerable. More information [https://nwert.wordpress.com/2016/05/03/ioctlvhax/ here].
| ROP under several IOSU modules
| 5.2.0
| [[User:Naehrwert|naehrwert]] and [[User:Plutoo|plutoo]]
|-
| Bad memset in IOS_CreateThread syscall
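The two failure modes the row above names (an entry rewritten after the kernel's check, and a module indexing past the vector count the kernel actually validated) are shown side by side below. This is an added illustrative model written for this page; it is not IOSU code and not the discoverers' proof of concept, and the address ranges, the `race_fn` hook standing in for a second caller thread, and the `hardened_module` fix are all assumptions made for the example. The page does not say how 5.2.0 fixed the flaw; the hardened variant simply shows the generic remedy (validate a kernel-owned copy of the table and bound every index by the validated count).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of the ioctlv vector-validation pattern; not IOSU code.
 * Addresses and region sizes below are constructed for the example. */
#define USER_BASE   0x10000000u   /* start of the caller's permitted memory */
#define USER_SIZE   0x1000u       /* size of that region */
#define SECRET_ADDR 0x20000000u   /* memory a module must never touch on the caller's behalf */
#define MAX_VECS    8

typedef struct { uint32_t addr; uint32_t len; } iovec_t;

/* A vector is acceptable only if [addr, addr+len) lies inside the caller's region. */
static int vec_in_user_range(const iovec_t *v)
{
    return v->addr >= USER_BASE && v->len <= USER_SIZE &&
           v->addr - USER_BASE <= USER_SIZE - v->len;
}

/* "Kernel": checks the first `count` entries of a vector table. */
static int kernel_validate(const iovec_t *table, uint32_t count)
{
    for (uint32_t i = 0; i < count; i++)
        if (!vec_in_user_range(&table[i]))
            return -1;
    return 0;
}

/* Stands in for a second caller thread that runs between the kernel's check
 * and the module's use of the table (the TOCTOU window). */
typedef void (*race_fn)(iovec_t *table);

/* Vulnerable pattern: the module keeps using the caller-owned table after the
 * kernel validated it, and indexes it without checking idx < count.
 * Returns the buffer address the module would go on to access (0 = refused). */
static uint32_t vulnerable_module(iovec_t *table, uint32_t count, uint32_t idx, race_fn race)
{
    if (kernel_validate(table, count) != 0)
        return 0;
    if (race)
        race(table);            /* caller rewrites an entry after the check */
    return table[idx].addr;     /* unvalidated if idx >= count, or if the race fired */
}

/* Hardened pattern: snapshot the table into memory the caller cannot write
 * before validating it, hand the module that copy, and bound every index by
 * the validated count. */
static uint32_t hardened_module(iovec_t *user_table, uint32_t count, uint32_t idx, race_fn race)
{
    iovec_t copy[MAX_VECS];
    if (count > MAX_VECS)
        return 0;
    memcpy(copy, user_table, count * sizeof copy[0]);
    if (kernel_validate(copy, count) != 0)
        return 0;
    if (race)
        race(user_table);       /* the caller's write no longer reaches what the module uses */
    if (idx >= count)
        return 0;               /* entries past the validated count were never checked */
    return copy[idx].addr;
}

/* Attacker's thread: retarget vector 0 at memory the caller may not touch. */
static void retarget_vector0(iovec_t *t)
{
    t[0].addr = SECRET_ADDR;
    t[0].len  = 4;
}

/* Constructed scenarios. */
uint32_t demo_race_vulnerable(void)
{
    iovec_t t[2] = { { USER_BASE, 16 }, { USER_BASE + 0x100, 16 } };
    return vulnerable_module(t, 2, 0, retarget_vector0);   /* SECRET_ADDR */
}
uint32_t demo_race_hardened(void)
{
    iovec_t t[2] = { { USER_BASE, 16 }, { USER_BASE + 0x100, 16 } };
    return hardened_module(t, 2, 0, retarget_vector0);     /* USER_BASE */
}
uint32_t demo_count_vulnerable(void)
{
    /* Caller passes count = 2 but places a third, never-validated entry after them. */
    iovec_t t[3] = { { USER_BASE, 16 }, { USER_BASE + 0x100, 16 }, { SECRET_ADDR, 4 } };
    return vulnerable_module(t, 2, 2, NULL);               /* SECRET_ADDR */
}
uint32_t demo_count_hardened(void)
{
    iovec_t t[3] = { { USER_BASE, 16 }, { USER_BASE + 0x100, 16 }, { SECRET_ADDR, 4 } };
    return hardened_module(t, 2, 2, NULL);                 /* 0: refused */
}

int main(void)
{
    printf("race:  vulnerable=%#x hardened=%#x\n", demo_race_vulnerable(), demo_race_hardened());
    printf("count: vulnerable=%#x hardened=%#x\n", demo_count_vulnerable(), demo_count_hardened());
    return 0;
}
```

The point of the copy in `hardened_module` is that validation and use must operate on the same bytes, and those bytes must be out of the caller's reach for the whole window; checking the caller-owned table in place, however carefully, leaves the race open. The `idx >= count` check is the separate, per-module requirement the row refers to: the kernel only vouches for the entries it was told about.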
! Fixed in system version
! Discovered by
|-
| ioctlvhax (ioctlv TOCTOU)
| This flaw is technically in the kernel, but it can be used to exploit a userland module.

It allows changing an ioctlv vector buffer address entry after the kernel has validated it (a time-of-check/time-of-use race). Any module that does not check the number of ioctlv vectors it was given is vulnerable. More information [https://nwert.wordpress.com/2016/05/03/ioctlvhax/ here].
| ROP under several IOSU modules
| 5.2.0
| [[User:Naehrwert|naehrwert]] and [[User:Plutoo|plutoo]]
|-
| uhshax (/dev/uhs/0 bad array index check)