In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

Changes

No change in size, 19:16, 21 June 2021
m
→‎IOS: sorted by IOS module
Line 86: Line 86:  
!  Discovered
 
!  Discovered
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| Kernel
 +
| No sanity checks on arguments passed to get_kernel_flavor and get_unk_flavor
 +
| System calls get_kernel_flavor and get_unk_flavor do not check to ensure that the pointers passed are appropriate to write to; they will write to any addresses.
 +
| If IOS code execution is gained, any address can be overwritten to some specific values by passing those addresses into get_kernel_flavor or get_unk_flavor.
 +
| Unknown
 +
| {{SortableMonth}}
 +
| [[fail0verflow]]
 
|-
 
|-
 
|  ES
 
|  ES
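Review bot: The Kernel row now sits directly ahead of the "|  ES" row, which is not alphabetical, so the ordering rule behind "sorted by IOS module" should be written down (in the edit summary or as a comment in the table) so later rows can follow it. In the same row, "overwritten to some specific values" does not say what get_kernel_flavor and get_unk_flavor actually write, and the date cell is an empty {{SortableMonth}}; since the row is being touched anyway, filling in both if known would make the entry more useful, as would stating the missing check plainly (the destination pointers are not validated against the caller's writable memory). The new cells also use one space after "|" where the neighbouring ES cells use two.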
Line 94: Line 102:  
| {{SortableMonth}}
 
| {{SortableMonth}}
 
|  [[fail0verflow]] and xt5 (independently)
 
|  [[fail0verflow]] and xt5 (independently)
|-
  −
|  STM
  −
|  STM release bug
  −
|  The state transition manager checks if a handle is invalid before releasing it, but forgets to actually refuse to release it if it is invalid. More information can be seen at [[STM Release Exploit]]
  −
| Control over IOS can be gained.
  −
| [[4.0]]
  −
| {{SortableMonth}}
  −
| [[fail0verflow]], Anonymous person (from reverse engineering [[Homebrew Channel]] installer)
   
|-
 
|-
 
| ES
 
| ES
Line 109: Line 109:  
| Unfixed
 
| Unfixed
 
| {{SortableMonth|Jun|2008}}
 
| {{SortableMonth|Jun|2008}}
| [[fail0verflow]]
  −
|-
  −
| Kernel
  −
| No sanity checks on arguments passed to get_kernel_flavor and get_unk_flavor
  −
| System calls get_kernel_flavor and get_unk_flavor do not check to ensure that the pointers passed are appropriate to write to; they will write to any addresses.
  −
| If IOS code execution is gained, any address can be overwritten to some specific values by passing those addresses into get_kernel_flavor or get_unk_flavor.
  −
| Unknown
  −
| {{SortableMonth}}
   
| [[fail0verflow]]
 
| [[fail0verflow]]
 
|-
 
|-
Line 158: Line 150:  
| Unknown
 
| Unknown
 
| {{SortableMonth}}
 
| {{SortableMonth}}
 +
|-
 +
|  STM
 +
|  STM release bug
 +
|  The state transition manager checks if a handle is invalid before releasing it, but forgets to actually refuse to release it if it is invalid. More information can be seen at [[STM Release Exploit]]
 +
| Control over IOS can be gained.
 +
| [[4.0]]
 +
| {{SortableMonth}}
 +
| [[fail0verflow]], Anonymous person (from reverse engineering [[Homebrew Channel]] installer)
 
|}
 
|}
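Review bot: The STM row is carried over with an empty {{SortableMonth}} in its date cell even though the row names [[4.0]], so it will not sort meaningfully by date in a sortable table; fill in the month and year if they are known. The description cell mixes the defect with a pointer to another page: "forgets to actually refuse to release it if it is invalid" would read more precisely as the result of the handle validity check not being acted on, with the [[STM Release Exploit]] link moved to its own closing sentence ending in a full stop. Cell spacing is also inconsistent within the row ("|  STM" against "| Control over IOS can be gained.").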
  