Changes

968 bytes added ,  02:33, 18 June 2019
Line 418: Line 418:  
| September 19, 2018
 
| September 19, 2018
 
| SciresM
 
| SciresM
 +
|-
 +
| System modules vulnerable to selective downgrade attacks
 +
| Horizon has no mechanism for specifying the specific title version to Loader on process creation.
 +
 +
Observing this, one can note that after a system update one could install a downgraded version of a specific system module (e.g. nvservices) while leaving the rest of the OS at the same version.
 +
 +
Unless there was some breaking API change, this allows one to make a console vulnerable once more to an exploit in a sysmodule by downgrading it and nothing else.
 +
 +
This was fixed in [[8.1.0]] by incrementing a version field in NPDM, and checking it against a hardcoded list for certain titles in Loader's process creation func.
 +
| With access to content installation commands (or a vulnerable lower version to selectively install newer titles), reintroducing bugs in vulnerable system modules on newer firmware versions.
 +
| [[8.1.0]]
 +
| [[8.1.0]]
 +
| When FIRM was first dumped in 2017.
 +
| June 17, 2019
 +
| Everyone
 
|-
 
|-
 
|}
 
|}