Line 27:
==IOSU module exploits==
+
+
=== ioctlvhax - ioctlv TOCTOU (fixed with 5.2.0) ===
+
While technically this flaw lies in the kernel though it can be used to exploit a usermode module.
+
This allows to change an ioctlv vector buffer address entry after it has been validated by the kernel. Any module not checking the number of ioctlv vectors is vulnerable.
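Review bot: the opening sentence of this section ("While technically this flaw lies in the kernel though it can be used ...") has a dangling "While ... though" construction and "This allows to change" is ungrammatical; suggest "Although this flaw technically lies in the kernel, it can be used to exploit a usermode module." and "This allows an ioctlv vector buffer address entry to be changed after the kernel has validated it." The final sentence also states the vulnerable condition as "not checking the number of ioctlv vectors", which does not obviously follow from the TOCTOU on a buffer address described just before it; a sentence explaining how the vector count relates to the address check, and what the 5.2.0 fix named in the heading changed, would make the section self-contained.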
==IOSU kernel exploits==
+
+
=== IOS_CreateThread unchecked memset ===
+
This system call will fill the stack of the newly created thread with a predefined constant (0xFA5A5A5A) without validating the passed stack address.
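Review bot: this section gives no fix status, unlike the ioctlvhax heading above which records "(fixed with 5.2.0)"; the heading should follow the same convention, either naming the firmware version that added validation of the stack address or stating that it is unfixed. The body should also say what the caller controls (only the stack address is named as unvalidated) so the note is useful for assessing which firmware versions are affected.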