Switch System Flaws: Difference between revisions
(One intermediate revision by the same user not shown) | |||
Line 1,096: | Line 1,096: | ||
| February 22, 2022 | | February 22, 2022 | ||
| May 3, 2025 | | May 3, 2025 | ||
| [[User:Yellows8|yellows8]] | |||
|- | |||
| [[NFC_services|nfc]] SendCommandByPassThrough buffer overflow | |||
| SendCommandByPassThrough eventually copies the input buffer into a fixed-size heap buffer, without size validation. | |||
This was fixed with [20.0.0+] by clamping the size. | |||
| nfc-sysmodule heap buffer overflow. | |||
| [[20.0.0]] | |||
| [[20.0.0]] | |||
| Late November 2021 | |||
| May 3, 2025 | |||
| [[User:Yellows8|yellows8]] (maybe others?) | |||
|- | |||
| [[HID_services|hidbus]] EnableJoyPollingReceiveMode infoleak | |||
| The tmem initialized by hidbus EnableJoyPollingReceiveMode contains a vtable ptr (tmem+0x10), hence infoleak. With [20.0.0+] the vtable ptr write was removed, and tmem is now memset starting at tmem+0x10 instead of +0x20. | |||
| hid-sysmodule infoleak, which allows defeating ASLR. | |||
| [[20.0.0]] | |||
| [[20.0.0]] | |||
| March 2020 | |||
| May 4, 2025 | |||
| [[User:Yellows8|yellows8]] | | [[User:Yellows8|yellows8]] | ||
|} | |} |
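Review bot: In the new nfc SendCommandByPassThrough row, the description mentions a "fixed-size heap buffer" and a fix "by clamping the size" but states neither the buffer size nor the clamp limit, so the row cannot be used to confirm what the [20.0.0+] change actually enforces. The hidbus row added alongside it is specific (vtable ptr at tmem+0x10, memset start moved from +0x20 to +0x10); if the nfc values are known, add them to the description in the same way. The discoverer cell for the nfc row also reads "(maybe others?)", which is worth resolving or dropping before it becomes the permanent attribution.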