Switch System Flaws: Difference between revisions
| Line 88: | Line 88: | ||
| GetLastThreadInfo UAF | | GetLastThreadInfo UAF | ||
| GetLastThreadInfo syscall gets last-scheduled-KThread pointer from KScheduler object. This pointer is not reference counted, and can be pointing to a freed KThread. | | GetLastThreadInfo syscall gets last-scheduled-KThread pointer from KScheduler object. This pointer is not reference counted, and can be pointing to a freed KThread. | ||
| Nothing. There is a theoretical race that might leak | | Nothing. There is a theoretical race that might leak from a KThread from a different process, but it's impossible to trigger practically. | ||
| Unfixed | | Unfixed | ||
| | | | ||