Thank you for your answers I thought the web browser exploit can make a stack attack ? (what core ?) It it the "user space" limitation that disallow the "well" defined jump to corrumpt ARM stack ? Do all core have the same right access ? Do all core have the same stack ? (well stupid question...) Corrupt "stack3" then corrupt "stack2" then corrupt "stack1" then corrupt "stack0" (ARM) then "profits" ?