Changes

904 bytes added, 19:33, 7 December 2022
Line 1,138: Line 1,138:  
| November 29, 2022
 
| November 29, 2022
 
| [[User:Yellows8|yellows8]]
 
| [[User:Yellows8|yellows8]]
 +
|-
 +
| Uncleared input structs for [[LDN_services|LDN]]
 +
| The Pia code using ldn CreateNetwork*/ConnectNetwork*/Scan doesn't properly memset the input data for SecurityConfig/ScanFilter (when keysize is less than 0x40 for the former). Hence, infoleak from games is sent to ldn (structs are located on stack, so stack data is leaked). This requires ldn compromise/mitm to obtain the leaked data - these are not sent over the network.
 +
With v6.20.1 (exact version unknown - fix isn't present in v5.32.0), the code using Scan* now clears the input ScanFilter properly. With v6.25.1 (exact version unknown - fix isn't present in v6.23.3), the code using CreateNetwork*/ConnectNetwork* now clears the input SecurityConfig properly.
 +
| Infoleak from games with LDN cmds, requires compromised sysmodule/mitm.
 +
| v6.20.1 and v6.25.1, exact versions unknown.
 +
| v5.32.0/v6.20.1/v6.23.3/v6.25.1
 +
|
 +
| December 7, 2022
 +
|
 
|}
 
|}
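Review bot: The cell `v6.20.1 and v6.25.1, exact versions unknown.` in the added row does not say which fix landed in which version, so a reader has to go back to the description to learn that v6.20.1 is the ScanFilter (Scan*) fix and v6.25.1 is the SecurityConfig (CreateNetwork*/ConnectNetwork*) fix. Suggest naming the struct next to each version in that cell. In the description, "these are not sent over the network" has no clear referent; "the leaked stack bytes are not sent over the network" would remove the ambiguity. The row also leaves the cells before and after `December 7, 2022` empty, whereas the preceding row ends with a `[[User:Yellows8|yellows8]]` credit; fill them in or confirm they are intentionally blank.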