Switch System Flaws: Difference between revisions
m Precision |
rip |
||
Line 139: | Line 139: | ||
| 34c3 (December 28, 2017) | | 34c3 (December 28, 2017) | ||
| [[User:qlutoo|qlutoo]] | | [[User:qlutoo|qlutoo]] | ||
|- | |||
| Memory Controller not properly secured | |||
| The Switch OS originally had the memory controller not set to be accessible only by the secure-world, which was problematic because insecure access can compromise the kernel. | |||
This was fixed partially in [[2.0.0]] by blacklisting the memory controller from being mapped by user-processes, and was fixed entirely in [[4.0.0]] by making the memory controller TZ-only and making all kernel accesses go through [[SMC|smcReadWriteRegister]]. | |||
| With some way to access the memory controller MMIO, arbitrary kernel code execution. | |||
| [[4.0.0]] | |||
| [[4.0.0]] | |||
| January 2018 | |||
| January 2018 | |||
| SciresM, yellows8 | |||
|- | |- | ||
|} | |} | ||
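Review bot: In the added Description cell, "insecure access can compromise the kernel" does not say how the compromise happens. The exploitation-result cell names memory controller MMIO access as the precondition, so the description should state or link the mechanism the row relies on. The opening clause "had the memory controller not set to be accessible only by the secure-world" would read more clearly as "did not restrict the memory controller to the secure world". The result cell is a fragment; "Arbitrary kernel code execution, given some way to access the memory controller MMIO" reads better. The repeated [[4.0.0]] and January 2018 cells are presumably separate columns, but the column headers are outside this hunk, so confirm both values are intended.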
Line 185: | Line 196: | ||
| December 30, 2017 | | December 30, 2017 | ||
| Everyone | | Everyone | ||
|- | |||
|} | |} | ||
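Review bot: The added "|-" directly before "|}" at new line 196 opens a table row with no cells. It matches the ending of the table in the hunk at line 139, where "|-" already precedes "|}", so the two tables are now consistent, but the change is unrelated to the new memory controller row. Either mention it in the edit summary or drop the trailing "|-" from both tables.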