Switch System Flaws: Difference between revisions
No edit summary
Line 573:
! Public disclosure timeframe
! Discovered by
|-
| Infoleak with [[Joy-Con]] HidCommand PairingIn | |||
| The joycon protocol handler for PairingIn stages the reply in a stack buffer and copies that buffer into the response cmd-buf used to send PairingOut. Only the first byte is set to a type value; the remaining bytes are uninitialized stack data and are sent as-is.
This was fixed with [15.0.0+] by writing the response data directly into the response buffer, without going through a stack buffer.
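The pattern described above, as an added C illustration that is not switchbrew or hid code: the vulnerable handler stages the reply on the stack and sets only byte 0, the fixed handler writes directly into a fully defined response buffer, and a small triage helper counts pointer-like 8-byte words in a reply. The cmd-buf size, the type byte, the address window and all function names are assumptions for the demo, not values taken from the real hid sysmodule.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed sizes and values for illustration; the real hid cmd-buf layout
 * and the PairingOut type byte are not given on this page. */
#define CMD_BUF_SIZE      0x30
#define PAIRING_OUT_TYPE  0x01

/* Vulnerable pattern (as the page describes it): the reply is staged in a
 * stack buffer, only byte 0 is written, and the whole buffer is copied into
 * the response cmd-buf. Bytes 1..CMD_BUF_SIZE-1 are whatever earlier frames
 * left on the stack: saved pointers, return addresses, locals. */
void build_pairing_out_vuln(uint8_t *response)
{
    uint8_t tmp[CMD_BUF_SIZE];           /* never initialized */
    tmp[0] = PAIRING_OUT_TYPE;
    memcpy(response, tmp, CMD_BUF_SIZE); /* ships tmp[1..] to the controller */
}

/* Fixed pattern (what the page says 15.0.0 does): write straight into the
 * response buffer and define every byte that is sent. */
void build_pairing_out_fixed(uint8_t *response)
{
    memset(response, 0, CMD_BUF_SIZE);
    response[0] = PAIRING_OUT_TYPE;
}

/* Stand-in for a frame that ran before the handler (e.g. the Bluetooth/UART
 * parser): it leaves pointer-like values where tmp[] may later live. Whether
 * tmp[] really overlaps this frame depends on the compiler and optimization
 * level, so this makes the leak likely, not guaranteed. */
static void __attribute__((noinline)) prior_frame(uintptr_t fake_code_ptr)
{
    volatile uintptr_t locals[CMD_BUF_SIZE / sizeof(uintptr_t)];
    for (size_t i = 0; i < sizeof locals / sizeof locals[0]; i++)
        locals[i] = fake_code_ptr + 0x10 * i;
}

/* Returns 1 if every byte after the type byte is zero. */
int tail_is_zero(const uint8_t *response, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if (response[i] != 0) return 0;
    return 1;
}

/* Little-endian store helper used to build constructed sample replies. */
void put_le64(uint8_t *dst, uint64_t v)
{
    for (int i = 0; i < 8; i++) dst[i] = (uint8_t)(v >> (8 * i));
}

/* Triage helper for the receiving side: slide an 8-byte little-endian window
 * over response[1..] and count values inside [lo, hi). With lo/hi set to the
 * target process's code or stack mapping, a non-zero count means the reply
 * carries addresses that give away the ASLR slide. */
size_t count_pointer_like_words(const uint8_t *response, size_t len,
                                uint64_t lo, uint64_t hi, uint64_t *first)
{
    size_t n = 0;
    for (size_t off = 1; off + 8 <= len; off++) {
        uint64_t w = 0;
        for (int i = 7; i >= 0; i--) w = (w << 8) | response[off + i];
        if (w >= lo && w < hi) {
            if (n == 0 && first) *first = w;
            n++;
        }
    }
    return n;
}

int main(void)
{
    uint8_t resp[CMD_BUF_SIZE];
    uint64_t first = 0;
    /* Assumed "main codebin" window for the demo only. */
    const uint64_t lo = 0x7100000000ULL, hi = 0x7100800000ULL;

    prior_frame(0x7100012340ULL);
    build_pairing_out_vuln(resp);
    size_t leaked = count_pointer_like_words(resp, sizeof resp, lo, hi, &first);
    printf("vulnerable: %zu pointer-like words in reply, first=%#llx\n",
           leaked, (unsigned long long)first);

    build_pairing_out_fixed(resp);
    printf("fixed: tail_is_zero=%d, pointer-like words=%zu\n",
           tail_is_zero(resp, sizeof resp),
           count_pointer_like_words(resp, sizeof resp, lo, hi, NULL));
    return 0;
}
```

The count is only a triage signal; turning a leaked word into a usable base requires knowing which code or stack location it points at, which is a per-build offset the page does not give.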
| Infoleak of hid's stack via a Bluetooth/UART message and response with a connected HID controller. The leaked stack contents include addresses in the main codebin and the stack, which allows defeating ASLR in hid.
| [[15.0.0]] | |||
| [[15.0.0]] | |||
| September 4, 2020 | |||
| October 10, 2022 | |||
| [[User:Yellows8|yellows8]] | |||
|-
| [[Sockets_services|bsdsockets]] ioctl SIOCGIFMEDIA input can contain ptr