Changes

752 bytes added ,  06:16, 12 December 2021
Line 547: Line 547:  
!  Public disclosure timeframe
 
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| [[Bluetooth_Driver_services|bluetooth]] EventInfo infoleak
 +
| The various funcs which send messages to the thread which handles writing to EventInfo, didn't clear the stack msgbuf. Hence, the various get-EventInfo cmds could return leaked stack data. This likely affected most (?) get-EventInfo cmds, besides CircularBuffer-GetHidReportEventInfo.
 +
 +
This only matters for events where there's uninitialized regions of the EventInfo, such as events with variable-size data without a memset.
 +
 +
This was fixed by clearing the msgbuf in a number of funcs.
 +
| Bluetooth-sysmodule stack infoleak, which allows defeating ASLR
 +
| [[13.0.0]]
 +
| [[13.1.0]]
 +
|
 +
| During initial [[13.0.0|diff]]. Added to this page on: December 12, 2021
 +
| [[User:Yellows8|yellows8]]
 
|-
 
|-
 
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated
 
| Infoleak with [[HID_services|hid:sys]] SetButtonConfigStorage{name}Deprecated
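
Review bot: The added description cell leaves the affected scope unverifiable, because "most (?) get-EventInfo cmds" and "a number of funcs" name neither the commands nor the functions. Consider listing the get-EventInfo commands known to return EventInfo with uninitialized regions, or stating outright that the list is unconfirmed. Also name the functions that now clear the msgbuf, so a reader can check a given command against the fix. Separately, the new row has one cell left as a bare "|" between the [[13.1.0]] cell and the "During initial [[13.0.0|diff]]" cell. Fill it in, or confirm that it is intentionally blank.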
