3DS System Flaws: Difference between revisions
No edit summary |
|||
Line 449: | Line 449: | ||
| | | | ||
| derrek | | derrek | ||
|- | |||
| heaphax | |||
| Can change the size of free memchunk structures stored in FCRAM using DMA, which leads to the ability to allocate memory chunks over already-allocated memory. This can be used in the SYSTEM region to allocate RW memory over any part of the NS system module, which is enough to take it over. | |||
| Code execution with access to all of NS's privileges. (including downgrading) Code execution within any applet. | |||
| [[11.0.0-33|11.0.0-X]] (partial) | |||
| [[11.0.0-33|11.0.0-X]] | |||
| April 2015 ? | |||
| smea | |||
|- | |||
| snshax | |||
| Can force creation of Safe NS process into gspwn-able memory, allowing for takeover. | |||
| Code execution with access to all of NS's privileges. (including downgrading) | |||
| [[10.1.0-27|10.1.0-X]] | |||
| [[10.1.0-27|10.1.0-X]] | |||
| April 2015 ? | |||
| smea | |||
|- | |- | ||
| AffinityMask/processorid validation | | AffinityMask/processorid validation |
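Review bot: the heaphax and snshax rows at line 449 appear on only one side of this diff, and the revision has no edit summary, so a reader of the history cannot tell whether the two entries were moved to another part of the table, merged into another row, or dropped. Add a summary saying where the rows went. If they were relocated, check that the "(partial)" marker on the heaphax 11.0.0-X entry and the uncertain "April 2015 ?" dates were carried over unchanged, since those qualifiers are easy to lose in a copy.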