Changes

3 bytes removed, 04:17, 12 October 2022
Move ro aslr flaw to non-firm sysmodules section
Line 568: Line 568:  
| [[15.0.0]]
 
| [[15.0.0]]
 
| January 30, 2022 (presumably found much earlier?)
 
| January 30, 2022 (presumably found much earlier?)
| October 11, 2022
  −
| Everyone
  −
|-
  −
| Broken RNG for [[RO_services|ro]] ASLR
  −
| The RNG used to determine where to randomly map NROs in the target process was TinyMT (nn::os::detail::RngManager output, seeded by 128 bits of entropy). However, TinyMT is not cryptographically secure (and can in fact be analytically solved).
  −
  −
Thus, with a few NRO mapping addresses, one could learn the TinyMT state and derive all previous/future RNG outputs, breaking NRO aslr for all processes.
  −
  −
With [15.0.0+] ro now uses csrng_GenerateRandomBytes to determine the random map address for NROs.
  −
| Breaking ASLR for all NROs loaded in all processes, allowing predicting all NRO mappings for all processes until the next reboot.
  −
| [[15.0.0]]
  −
| [[15.0.0]]
  −
| Late 2021/Early 2022
   
| October 11, 2022
 
| October 11, 2022
 
| Everyone
 
| Everyone
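Review bot: the row removed here is the whole ro ASLR entry (title, description, impact, two [[15.0.0]] version cells, discovery date, fix date, audience), and the `| October 11, 2022` and `| Everyone` lines that survive as unchanged context belong to the preceding entry, which keeps its own dates; since the diff shows only cells and neither table's header row, confirm that the destination table at Line 877 has the same column order before landing the move.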
Line 890: Line 877:  
| Everyone
 
| Everyone
 
|-
 
|-
 +
| Broken RNG for [[RO_services|ro]] ASLR
 +
| The RNG used to determine where to randomly map NROs in the target process was TinyMT (nn::os::detail::RngManager output, seeded by 128 bits of entropy). However, TinyMT is not cryptographically secure (and can in fact be analytically solved).
 +
 +
Thus, with a few NRO mapping addresses, one could learn the TinyMT state and derive all previous/future RNG outputs, breaking NRO aslr for all processes.
 +
 +
With [15.0.0+] ro now uses csrng_GenerateRandomBytes to determine the random map address for NROs.
 +
| Breaking ASLR for all NROs loaded in all processes, allowing predicting all NRO mappings for all processes until the next reboot.
 +
| [[15.0.0]]
 +
| [[15.0.0]]
 +
| Late 2021/Early 2022
 +
| October 11, 2022
 +
| Everyone
 
|}
 
|}
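Review bot: the row is inserted after a `|-` that already sat directly before `|}` in this table on both sides of the diff, so no new row separator is added; that pre-existing separator is consistent with the 3 bytes removed in the edit summary, and the cell text itself is carried over unchanged. While the row is being touched, the description says "NRO aslr" where the title says "ASLR"; the casing should be made consistent.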