Switch System Flaws: Difference between revisions
warmboothax is fixed in mariko |
|||
| Line 522: | Line 522: | ||
| [[HID_services#hid:sys|hid:sys]] ButtonConfig s32 array-index not validated | | [[HID_services#hid:sys|hid:sys]] ButtonConfig s32 array-index not validated | ||
| The input s32 array-index for [[HID_services#hid:sys|hid:sys]] ButtonConfig cmds 1255-1270 was originally not validated. Using a negative or >=5 index results in accessing out-of-bounds data, with an array stored on stack. | | The input s32 array-index for [[HID_services#hid:sys|hid:sys]] ButtonConfig cmds 1255-1270 was originally not validated. Using a negative or >=5 index results in accessing out-of-bounds data, with an array stored on stack. | ||
[10.1.0-10.2.0] Each of these cmds will now Abort if the s32 is negative or >=5. [11.0.0+] Now an unsigned compare is used, with 0 or an error being immediately returned when the value is invalid. | |||
| hid infoleak, out-of-bounds mem-write anywhere in hid address-space relative to the stack array (with constraints on the data). | | hid infoleak, out-of-bounds mem-write anywhere in hid address-space relative to the stack array (with constraints on the data). | ||
| [[10.1.0]] | | [[10.1.0]] | ||
| [[ | | [[11.0.1]] | ||
| April 18, 2020 | | April 18, 2020 | ||
| July 14, 2020 | | July 14, 2020 | ||