Switch System Flaws: Difference between revisions
| Line 547: | Line 547: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated | |||
| These cmds pass a stack ptr for the StorageName when calling the internal func. Nothing is written to this StorageName. Hence, stack infoleak (data is copied as a NUL-terminated string), which can be later read by the GetButtonConfigStorage{name} cmds. | |||
This was fixed by removing the Deprecated cmds in [[13.0.0]]. | |||
| Infoleak of hid stack from a StorageName readable via GetButtonConfigStorage{name}, up to the NUL-terminator. | |||
| [[13.0.0]] | |||
| [[13.0.0]] | |||
| December 11, 2020 | |||
| September 27, 2021 | |||
| [[User:Yellows8|yellows8]] | |||
|- | |- | ||
| [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size | | [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size | ||