Switch System Flaws: Difference between revisions
same conceptual aslr issue was fixed in ro, not just loader |
Line 568:
| [[15.0.0]]
| January 30, 2022 (presumably found much earlier?)
| October 11, 2022
| Everyone
|-
| Broken RNG for [[RO_services|ro]] ASLR
| The RNG used to determine where to randomly map NROs in the target process was TinyMT (nn::os::detail::RngManager output, seeded by 128 bits of entropy). However, TinyMT is not cryptographically secure (and can in fact be analytically solved).
Thus, with a few NRO mapping addresses, one could learn the TinyMT state and derive all previous/future RNG outputs, breaking NRO ASLR for all processes.
With [15.0.0+], ro now uses csrng_GenerateRandomBytes to determine the random map address for NROs.
| Breaking ASLR for all NROs loaded in all processes, allowing prediction of all NRO mappings for all processes until the next reboot.
| [[15.0.0]]
| [[15.0.0]]
| Late 2021/Early 2022
| October 11, 2022
| Everyone
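The row above describes the defect (a seedable, analytically solvable PRNG choosing NRO bases) and its fix (drawing the address from the system CSPRNG). The following is an added illustration, not ro's code or any Nintendo code: a hypothetical page-aligned base-address picker in which the generator is pluggable, so a deterministic generator (Python's Mersenne Twister stands in for TinyMT; both are non-cryptographic) can be contrasted with an OS-backed CSPRNG (`secrets`, standing in for csrng_GenerateRandomBytes). The 4 KiB page granularity, the address region and the mapping size are constructed values for the example. The `aslr_entropy_bits` helper shows the other quantity a defender checks: how many bits of randomness the chosen region can carry at all, independent of how good the generator is.

```python
import math
import random
import secrets

PAGE = 0x1000  # constructed: 4 KiB mapping granularity assumed for this illustration


def slot_count(region_start, region_end, mapping_size):
    """Number of distinct page-aligned bases a mapping can occupy in the region."""
    for v in (region_start, region_end, mapping_size):
        if v % PAGE:
            raise ValueError("region bounds and mapping size must be page aligned")
    slots = (region_end - region_start - mapping_size) // PAGE + 1
    if slots <= 0:
        raise ValueError("mapping does not fit in region")
    return slots


def aslr_entropy_bits(region_start, region_end, mapping_size):
    """Bits of entropy the base address carries when the generator is uniform.
    A perfect CSPRNG cannot add more than this; a weak one delivers less."""
    return math.log2(slot_count(region_start, region_end, mapping_size))


def pick_base(region_start, region_end, mapping_size, rng):
    """Choose a page-aligned base; rng(n) must return a uniform int in [0, n)."""
    slots = slot_count(region_start, region_end, mapping_size)
    return region_start + rng(slots) * PAGE


def weak_rng(seed):
    """Stand-in for the pre-15.0.0 design: a seedable, non-cryptographic PRNG.
    Mersenne Twister replaces TinyMT here; the property that matters is that
    whoever knows the internal state knows every past and future draw."""
    state = random.Random(seed)
    return lambda n: state.randrange(n)


def strong_rng(n):
    """Stand-in for the 15.0.0+ design: each draw comes from the OS CSPRNG,
    so observed bases do not reveal the generator state or the next base."""
    return secrets.randbelow(n)


# Constructed example region: a 16 TiB window and a 128 KiB NRO-sized mapping.
REGION_START = 0x1000_0000_0000
REGION_END = 0x2000_0000_0000
MAPPING_SIZE = 0x20000


def mapping_sequence(rng, count, region_start=REGION_START,
                     region_end=REGION_END, mapping_size=MAPPING_SIZE):
    """Simulate `count` successive NRO loads, each asking the generator for a base."""
    return [pick_base(region_start, region_end, mapping_size, rng) for _ in range(count)]


def in_region(addr, region_start=REGION_START, region_end=REGION_END,
              mapping_size=MAPPING_SIZE):
    """Sanity check a chosen base: aligned and wholly inside the region."""
    return addr % PAGE == 0 and region_start <= addr and addr + mapping_size <= region_end


if __name__ == "__main__":
    # Two instances of the weak generator with the same state yield the same
    # bases: recovering the state is recovering every mapping until reboot.
    print(mapping_sequence(weak_rng(1234), 4) == mapping_sequence(weak_rng(1234), 4))
    print([hex(a) for a in mapping_sequence(strong_rng, 4)])
    print(aslr_entropy_bits(REGION_START, REGION_END, MAPPING_SIZE))
```

The point of the pluggable `rng` parameter is that the address arithmetic is identical in both designs; the only change the fix needed was the source of the random index, which is exactly what the row says ro changed in 15.0.0.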