Switch System Flaws: Difference between revisions
Line 547: | Line 547: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| [[Bluetooth_Driver_services|bluetooth]] EventInfo infoleak | |||
| The various funcs which send messages to the thread which handles writing to EventInfo, didn't clear the stack msgbuf. Hence, the various get-EventInfo cmds could return leaked stack data. This likely affected most (?) get-EventInfo cmds, besides CircularBuffer-GetHidReportEventInfo. | |||
This only matters for events where there's uninitialized regions of the EventInfo, such as events with variable-size data without a memset. | |||
This was fixed by clearing the msgbuf in a number of funcs. | |||
| Bluetooth-sysmodule stack infoleak, which allows defeating ASLR | |||
| [[13.0.0]] | |||
| [[13.1.0]] | |||
| | |||
| During initial [[13.0.0|diff]]. Added to this page on: December 12, 2021 | |||
| [[User:Yellows8|yellows8]] | |||
|- | |- | ||
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated | | Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated |