1,359
edits
Changes
Jump to navigation
Jump to search
Line 163:
Line 163: + + + + + + + + +
→Kernel
|
|
| ?
| ?
|-
| svcWaitSynchronization/svcReplyAndReceive bad cleanup on error
| If there is a page fault when fetching handles from the userspace array, it cleans up by dereferencing all objects despite having only loaded first N. Allows the attacker to make arbitrary decrefs on any kernel synchronization object, and thus can be used to get UAF. Haven't actually been tried on real HW though, but should work (tm).
| Kernel code execution
| 2.0.0
| 2.0.0
|
| 24 April
| [[User:qlutoo|qlutoo]]
|-
|-
| GetLastThreadInfo UAF
| GetLastThreadInfo UAF