Nintendo Switch Brew

Changes

Switch System Flaws (view source)

Revision as of 18:51, 11 December 2020

117 bytes added ,  18:51, 11 December 2020
→‎System Modules
Line 522: Line 522:  
| [[HID_services#hid:sys|hid:sys]] ButtonConfig s32 array-index not validated
 
| [[HID_services#hid:sys|hid:sys]] ButtonConfig s32 array-index not validated
 
| The input s32 array-index for [[HID_services#hid:sys|hid:sys]] ButtonConfig cmds 1255-1270 was originally not validated. Using a negative or >=5 index results in accessing out-of-bounds data, with an array stored on stack.
 
| The input s32 array-index for [[HID_services#hid:sys|hid:sys]] ButtonConfig cmds 1255-1270 was originally not validated. Using a negative or >=5 index results in accessing out-of-bounds data, with an array stored on stack.
With [10.1.0+] each of these cmds will now Abort if the s32 is negative or >=5.
+
[10.1.0-10.2.0] Each of these cmds will now Abort if the s32 is negative or >=5. [11.0.0+] Now an unsigned compare is used, with 0 or an error being immediately returned when the value is invalid.
 
| hid infoleak, out-of-bounds mem-write anywhere in hid address-space relative to the stack array (with constraints on the data).
 
| hid infoleak, out-of-bounds mem-write anywhere in hid address-space relative to the stack array (with constraints on the data).
 
| [[10.1.0]]
 
| [[10.1.0]]
| [[10.1.0]]
+
| [[11.0.1]]
 
| April 18, 2020
 
| April 18, 2020
 
| July 14, 2020
 
| July 14, 2020
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/10471"