1,359
edits
Changes
→Kernel
|
|
| ?
| ?
|-
| svcWaitSynchronization/svcReplyAndReceive bad cleanup on error
| If there is a page fault when fetching handles from the userspace array, it cleans up by dereferencing all objects despite having only loaded first N. Allows the attacker to make arbitrary decrefs on any kernel synchronization object, and thus can be used to get UAF. Haven't actually been tried on real HW though, but should work (tm).
| Kernel code execution
| 2.0.0
| 2.0.0
|
| 24 April
| [[User:qlutoo|qlutoo]]
|-
|-
| GetLastThreadInfo UAF
| GetLastThreadInfo UAF