By entering this site you need to consent to the use of cookies and their functional use according to this privacy policy. Cookies help us to provide the functional services of the website. Kindly read the below message of use and consent to the use.
The following cookies are stored and shared when accessing this website:
- Internal cookies for the MediaWiki site. This is used for user authentication and article modifications.
- Third-party cookies from Google providing services for Google AdSense and Google Analytics
We will never use data collected outside of the above scope.
| System modules vulnerable to selective downgrade attacks
+
| Horizon has no mechanism for specifying the specific title version to Loader on process creation.
+
+
Observing this, one can note that after a system update one could install a downgraded version of a specific system module (e.g. nvservices) while leaving the rest of the OS at the same version.
+
+
Unless there was some breaking API change, this allows one to make a console vulnerable once more to an exploit in a sysmodule by downgrading it and nothing else.
+
+
This was fixed in [[8.1.0]] by incrementing a version field in NPDM, and checking it against a hardcoded list for certain titles in Loader's process creation func.
+
| With access to content installation commands (or a vulnerable lower version to selectively install newer titles), reintroducing bugs in vulnerable system modules on newer firmware versions.