Line 1,013: |
Line 1,013: |
| Combined with a other minor bugs in the sysmodule, it is possible to take over [[SM]] with this nevertheless difficult-to-exploit vulnerability. | | Combined with a other minor bugs in the sysmodule, it is possible to take over [[SM]] with this nevertheless difficult-to-exploit vulnerability. |
| | Code execution under [[SM]], etc. | | | Code execution under [[SM]], etc. |
− | | None | + | | [[11.16.0-48]] |
| | [[11.14.0-46]] | | | [[11.14.0-46]] |
| | July 2017 | | | July 2017 |
| | [[User:TuxSH|TuxSH]] (independently), presumably ichfly before | | | [[User:TuxSH|TuxSH]] (independently), presumably ichfly before |
| + | |- |
| + | | PXI cmdbuf buffer overrun |
| + | | Like its Arm9 counterpart, before version [[5.0.0-11|5.0.0-X]], the PXI system module did not check the command sizes. This makes it possible to get ROP under the PXI sysmodule from a pwned Process9. |
| + | safecerthax uses it to takeover the Arm11 processor after directly getting remote code execution on the Arm9 side. Though, is useless in classic Arm11 -> Arm9 chains. |
| + | | ROP under [[PXI_Services|PXI]] |
| + | | probably [[5.0.0-11|5.0.0-X]] |
| + | | [[11.14.0-46]] |
| + | | |
| + | | Everyone |
| |} | | |} |
| | | |
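Review bot: In the added "PXI cmdbuf buffer overrun" row, the description states as fact that the PXI system module did not check command sizes before 5.0.0-X, while the fix cell hedges with "probably [[5.0.0-11|5.0.0-X]]"; use the same level of certainty in both cells. The cell between [[11.14.0-46]] and "Everyone" is empty where the row above carries "July 2017", so the date should be filled in. The second description line is also ungrammatical: "takeover" should be "take over", and "Though, is useless in classic Arm11 -> Arm9 chains" needs a subject, for example "It is useless, though, in classic Arm11 -> Arm9 chains." Separately, the SM row's fix cell changes from "None" to [[11.16.0-48]] while the cell after it stays at [[11.14.0-46]]; if that cell records the last version the flaw was checked on, it is now older than the stated fix and should be updated in the same edit.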
Line 1,030: |
Line 1,039: |
| ! Timeframe this was added to wiki | | ! Timeframe this was added to wiki |
| ! Discovered by | | ! Discovered by |
| + | |- |
| + | | [[CSND_Services|CSND]] sysmodule crash due to out of bounds parameters. |
| + | | The CSND command [[CSND:PlaySoundDirectly|PlaySoundDirectly (0x00040080)]] takes a channel ID as the first parameter. Any value outside the range [0-3] makes the system module become unstable or crash due to an out of bounds memory read. |
| + | | Out of bounds memory read, probably not exploitable. More research needed. |
| + | | None |
| + | | [[11.14.0-46]] |
| + | | January 2021 |
| + | | January 22, 2021 |
| + | | [[User:PabloMK7|PabloMK7]] |
| + | |
| |- | | |- |
| | SSLoth: [[SSL_Services|SSL]] sysmodule improper certificate verification | | | SSLoth: [[SSL_Services|SSL]] sysmodule improper certificate verification |
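Review bot: In the added CSND row, the description asserts that a channel ID outside [0-3] causes "an out of bounds memory read", but the result cell then says "probably not exploitable. More research needed." without giving the basis for either claim. Say what the channel ID indexes and whether only a read was observed, so the exploitability assessment can be checked by the next editor. The row also carries two date cells with different precision ("January 2021" and "January 22, 2021"); make them consistent with the format used elsewhere in the table. Minor style points: the summary cell ends with a period, unlike the SSLoth summary below it, and "out of bounds" should be hyphenated when used as a modifier.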