Changes

547 bytes added ,  00:00, 29 January 2021
m
TSEC Heavy Secure bypass
Line 127: Line 127:  
| August 2020
 
| August 2020
 
| [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).
 
| [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).
 +
|-
 +
| TSEC authentication bypass via TSEC DMA engine stack overwrite
 +
| TSEC DMA engine does not stop when entering csigauth operation. By pointing TSEC DMA to current stack before csigauth operation, stack can be controlled. Using blind ROP, code flow can be altered leading to full control during csigauth operation, such as dumping the calculated authentication signature for any arbitrary piece of code. Because of this TSEC Heavy Secure mode is completely broken
 +
| None
 +
| TSEC for all Tegra devices
 +
| 2019
 +
| Jan 2021
 +
| [[User:Tatsuko|Tatsuko]]
 
|}
 
|}
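Review bot: The description cell of the added row uses "csigauth" three times without defining or linking it, so a reader cannot tell from this row which operation the TSEC DMA engine is expected to halt for; link the term or add a short gloss on first use. The last sentence of that cell also needs a comma after "Because of this" and a terminating period. The date cell reads "Jan 2021" while the row above spells the month out ("August 2020"), so "January 2021" would match. The edit is flagged minor ("m") although it adds a complete table row of 547 bytes; it should not carry the minor flag.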
  