Changes

951 bytes added ,  21:55, 30 April 2021
not really a vulnerability per-se but funky flawed behavior nonetheless
Line 145: Line 145:  
| Jan 2021
 
| Jan 2021
 
| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Vale|Vale]]/[[User:Thog|Thog]] (independently), [[User:Tatsuko|Tatsuko]] (independently), possibly others (independently).
 
| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Vale|Vale]]/[[User:Thog|Thog]] (independently), [[User:Tatsuko|Tatsuko]] (independently), possibly others (independently).
 +
|-
 +
| Boot straps are not relatched on watchdog resets (strapwn)
 +
| On boot, the BOOTSELECT, RCM and RAM_CODE straps are latched from external GPIO to determine which boot medium to use and verify from in bootrom. However, APB_MISC_PP_STRAPPING_OPT_A can be overwritten with arbitrary values following bootrom. Write access to PP_STRAPPING_OPT_A would otherwise be mundane, however these straps are not relatched during a watchdog reset (despite being latched during other software resets), allowing for arbitrary straps to be selected and executed in bootrom.
 +
 +
This allows setting NVPROD_UART on some hardware configurations where it would normally be unavailable (ie on Jetson Nano boards), but is otherwise mostly useless and/or useful for testing unintended boot options (such as USB Mass Storage boot) without having to move boot strap resistors.
 +
| Unknown
 +
| HAC-001 (Tegra210)
 +
| May 2020
 +
| April 30, 2021
 +
| [[User:Shinyquagsire23|Shiny Quagsire]]
 
|}
 
|}