Changes

842 bytes removed, 14:44, 21 June 2017
m
...
Line 3: Line 3:     
=List of Switch System Flaws=
 
=List of Switch System Flaws=
 +
 +
These are currently public Switch System Flaws.
    
== Hardware ==  
 
== Hardware ==  
Line 21: Line 23:  
|-
 
|-
 
|}
 
|}
 
+
==ARM TrustZone software==
== System software ==
+
===ARM TrustZone===
=== Kernel ===
   
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
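Review bot: The level-3 heading "===ARM TrustZone===" sits directly under the level-2 heading "==ARM TrustZone software==" with nothing between them, so the two headings say the same thing twice. Either drop the level-3 heading and put the table straight under the level-2 one, or keep a single parent section with TrustZone and Kernel as its subsections.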
Line 35: Line 36:  
!  Discovered by
 
!  Discovered by
 
|-
 
|-
|  No public Kernel exploits  
+
|  No public ARM TrustZone exploits  
 
|
 
|
 
|
 
|
Line 45: Line 46:  
|-
 
|-
 
|}
 
|}
 
+
== Kernel software==
=== TrustZone ===
+
===Kernel===
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
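Review bot: Heading spacing in "== Kernel software==" is unbalanced (space after the opening markers, none before the closing ones) and differs from both "== Hardware ==" and the unspaced "===Kernel===" in the same hunk. Pick one form for the page, for example "== Kernel software ==" and "=== Kernel ===", so later diffs of these headings are not whitespace noise.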
Line 58: Line 59:  
!  Discovered by
 
!  Discovered by
 
|-
 
|-
|  No public ARM TrustZone exploits  
+
|  No public Kernel exploits  
 
|
 
|
 
|
 
|
Line 66: Line 67:  
|
 
|
 
|
 
|
|-
  −
|}
  −
  −
=== System Modules ===
  −
{| class="wikitable" border="1"
  −
|-
  −
!  Summary
  −
!  Description
  −
!  Successful exploitation result
  −
!  Fixed in system version
  −
!  Last system version this flaw was checked for
  −
!  Timeframe this was discovered
  −
!  Public disclosure timeframe
  −
!  Discovered by
  −
|-
  −
|  OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names)
  −
|  Prior to [[3.0.0]], pl:u (Shared Font services implemented in the NS sysmodule) service commands 1,2,3 took in a signed 32-bit index and returned that index of an array but did not check that index at all. This allowed for an arbitrary read within a 34-bit range (33-bit signed) from NS .bss. In [[3.0.0]], sending out of range indexes causes error code 0x60A to be returned.
  −
|  Dumping full NS .text, .rodata and .data, infoleak, etc
  −
|  [[3.0.0]]
  −
|  [[3.0.0]]
  −
|  April 2017
  −
|  On exploit's fix in [[3.0.0]]
  −
|  qlutoo, Reswitched team (independently)
   
|-
 
|-
 
|}
 
|}
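Review bot: The removed "=== System Modules ===" table holds the only populated row visible in this diff (the pl:u OOB read in the NS sysmodule, fixed in [[3.0.0]]), and none of the added lines re-add it; the remaining rows shown are "No public ... exploits" placeholders, and the edit is flagged minor. If the entry is moving to another page, link that page from here; otherwise keep the table so the fixed-in version and the 0x60A error behaviour stay documented.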