Switch System Flaws: Difference between revisions
Fix carveout range |
|||
| Line 472: | Line 472: | ||
! Public disclosure timeframe | ! Public disclosure timeframe | ||
! Discovered by | ! Discovered by | ||
|- | |||
| [[HID_services#hid:sys|hid:sys]] ButtonConfig s32 array-index not validated | |||
| The input s32 array-index for [[HID_services#hid:sys|hid:sys]] ButtonConfig cmds 1255-1270 was originally not validated. Using a negative or >=5 index results in accessing out-of-bounds data, with an array stored on stack. | |||
With [10.1.0+] each of these cmds will now Abort if the s32 is negative or >=5. | |||
| hid infoleak, out-of-bounds mem-write anywhere in hid address-space relative to the stack array (with constraints on the data). | |||
| [[10.1.0]] | |||
| [[10.1.0]] | |||
| April 18, 2020 | |||
| July 14, 2020 | |||
| [[User:Yellows8|yellows8]] | |||
|- | |- | ||
| [[Applet_Manager_services#IStorage|AM IStorage]] infoleak | | [[Applet_Manager_services#IStorage|AM IStorage]] infoleak | ||