Changes

Line 1,086: Line 1,086:  
| December 19, 2022
 
| December 19, 2022
 
| October 13, 2024
 
| October 13, 2024
 +
| [[User:Yellows8|yellows8]]
 +
|-
 +
| [[Bus_services|sasbus]] StartPeriodicReceiveMode infoleak
 +
| StartPeriodicReceiveMode writes a vtable ptr into the mapped tmem at +0. The tmem is mapped RW in the user-process. There is no clearing of tmem during tmem cleanup. Hence, the user-process can read the tmem to obtain a Bus-sysmodule codebin-region infoleak. This vtable-ptr seems to be unused - it's also empty after the first two entries (stubbed incref/decref).
 +
[20.0.0+] Removed the vtable ptr, with data intended for the user-process being moved from tmem+0x8 to +0x0. Also, instead of calling memset, funcs are called for manually clearing tmem.
 +
| Bus-sysmodule infoleak, which allows defeating ASLR.
 +
| [[20.0.0]]
 +
| [[20.0.0]]
 +
| February 22, 2022
 +
| May 3, 2025
 
| [[User:Yellows8|yellows8]]
 
| [[User:Yellows8|yellows8]]
 
|}
 
|}
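Review bot: The description cell of the new sasbus row is unclear about when tmem is cleared. Its first paragraph says "There is no clearing of tmem during tmem cleanup", but the [20.0.0+] paragraph says "instead of calling memset, funcs are called for manually clearing tmem", which implies a memset already existed before 20.0.0. Say where that earlier memset ran and why it left the vtable ptr at +0 readable by the user-process. Also say whether the new manual clearing happens at cleanup, so a reader can tell whether the fix is the removal of the pointer, the clearing, or both. The [20.0.0+] paragraph also starts without a leading "|", so it renders as a continuation of the description cell. If that is intended, a blank line or an explicit line break before it would make the cell boundary obvious when editing.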