Changes

Jump to navigation Jump to search
Line 1,004: Line 1,004:  
| February 25, 2022
 
| February 25, 2022
 
| October 24, 2023
 
| October 24, 2023
 +
| [[User:Yellows8|yellows8]]
 +
|-
 +
| [[Audio_services|audctl]] GetTargetDeviceInfo infoleak
 +
| audctl GetTargetDeviceInfo calls an impl func with a ptr to a stackbuf, then if successful memcpys the 0x100-bytes from that buffer to output. This stackbuf is not memset. This func (after doing various state checks) copies a string to output, other than always writing a NUL-terminator there's no clearing of the buffer.
 +
 +
This will leak audio-sysmodule stack into the output buffer as long as the state/input checks pass (for the remainder of the buffer following the string NUL-terminator).
 +
 +
With [18.0.0+] data is written directly to the outbuf instead of the stack tmpbuf.
 +
| audio-sysmodule infoleak, which allows defeating ASLR.
 +
| [[18.0.0]]
 +
| [[18.0.0]]
 +
| December 24, 2022
 +
| March 26, 2024
 
| [[User:Yellows8|yellows8]]
 
| [[User:Yellows8|yellows8]]
 
|}
 
|}

Navigation menu