| This flaw technically is in the kernel, but it can be used to exploit a userland module.
+
It allows changing an ioctlv vector buffer address entry after it has been validated by the kernel. Any module not checking the number of ioctlv vectors is vulnerable. More information [https://nwert.wordpress.com/2016/05/03/ioctlvhax/ here].
+
| ROP under several IOSU modules
+
| 5.2.0
+
| [[User:Naehrwert|naehrwert]] and [[User:Plutoo|plutoo]]
|-
|-
| Bad memset in IOS_CreateThread syscall
| Bad memset in IOS_CreateThread syscall
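Review bot: the added side of this hunk starts at the description cell ("| This flaw technically is in the kernel ...") with no row separator or name cell in front of it, whereas the removed copy of the same row in the later hunk is preceded by a `|-` line and a `| ioctlvhax (ioctlv TOCTOU)` cell; unless those two lines sit in context above this excerpt, the moved row will render with the description in the name column, so carry `|-` and `| ioctlvhax (ioctlv TOCTOU)` over with the move. The description also states two conditions, that a vector buffer address can be changed after the kernel has validated it and that any module not checking the number of ioctlv vectors is affected, without saying how the vector count relates to the TOCTOU; one sentence tying the two together (or a short quote from the linked write-up) would make the row self-contained. Otherwise this is an unchanged move: the "Fixed in" value (5.2.0), the credits and the link match the removed copy, and placing the row beside the IOS_CreateThread syscall entry is consistent with its "technically in the kernel" framing.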
Line 108:
Line 115:
! Fixed in system version
! Fixed in system version
! Discovered by
! Discovered by
−
|-
−
| ioctlvhax (ioctlv TOCTOU)
−
| This flaw technically is in the kernel, but it can be used to exploit a userland module.
−
It allows changing an ioctlv vector buffer address entry after it has been validated by the kernel. Any module not checking the number of ioctlv vectors is vulnerable. More information [https://nwert.wordpress.com/2016/05/03/ioctlvhax/ here].
−
| ROP under several IOSU modules
−
| 5.2.0
−
| [[User:Naehrwert|naehrwert]] and [[User:Plutoo|plutoo]]
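Review bot: this hunk removes the ioctlvhax row, together with its leading `|-`, immediately after the `! Fixed in system version` / `! Discovered by` header cells at Line 108/115, so check that at least one row still follows that header once the removal lands; if ioctlvhax was the only entry in that table, the header and the table markup around it should be removed as well rather than leaving an empty table behind. The removed text matches the added copy in the earlier hunk word for word (same description, same link, 5.2.0, same credits), so this is a pure relocation and no wording is lost in the move.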