4,563
edits
Changes
Switch System Flaws (view source)
Revision as of 15:31, 27 September 2021
, 15:31, 27 September 2021→System Modules
! Public disclosure timeframe
! Public disclosure timeframe
! Discovered by
! Discovered by
|-
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated
| These cmds pass a stack ptr for the StorageName when calling the internal func. Nothing is written to this StorageName. Hence, stack infoleak (data is copied as a NUL-terminated string), which can be later read by the GetButtonConfigStorage{name} cmds.
This was fixed by removing the Deprecated cmds in [[13.0.0]].
| Infoleak of hid stack from a StorageName readable via GetButtonConfigStorage{name}, up to the NUL-terminator.
| [[13.0.0]]
| [[13.0.0]]
| December 11, 2020
| September 27, 2021
| [[User:Yellows8|yellows8]]
|-
|-
| [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size
| [[Bluetooth_Driver_services|bluetooth]] WriteHidData/WriteHidData2/SetHidReport unchecked memcpy size