3DS System Flaws: Difference between revisions
safecerthax →Process9 |
|||
| Line 1,017: | Line 1,017: | ||
| July 2017 | | July 2017 | ||
| [[User:TuxSH|TuxSH]] (independently), presumably ichfly before | | [[User:TuxSH|TuxSH]] (independently), presumably ichfly before | ||
|- | |||
| PXI cmdbuf buffer overrun | |||
| Like its Arm9 counterpart, before version [[5.0.0-11|5.0.0-X]], the PXI system module did not check the command sizes. This makes it possible to get ROP under the PXI sysmodule from a pwned Process9. | |||
safecerthax uses it to takeover the Arm11 processor after directly getting remote code execution on the Arm9 side. Though, is useless in classic Arm11 -> Arm9 chains. | |||
| ROP under [[PXI_Services|PXI]] | |||
| probably [[5.0.0-11|5.0.0-X]] | |||
| [[11.14.0-46]] | |||
| | |||
| Everyone | |||
|} | |} | ||