Changes

612 bytes added, 03:12, 11 October 2022
Line 573: Line 573:  
!  Public disclosure timeframe
 
!  Public disclosure timeframe
 
!  Discovered by
 
!  Discovered by
 +
|-
 +
| Infoleak with [[Joy-Con]] HidCommand PairingIn
 +
| The joycon protocol handler for PairingIn copies data from stack to the response cmd-buf for sending PairingOut. Only the first byte is set to a type value, the rest is uninitialized stack data.
 +
 +
This was fixed with [15.0.0+] by directly writing to the response data without using stack data.
 +
| Infoleak of hid stack via a bluetooth/uart message+response with a connected hid controller. This returns addrs for the main-codebin/stack, which allows defeating ASLR.
 +
| [[15.0.0]]
 +
| [[15.0.0]]
 +
| September 4, 2020
 +
| October 10, 2022
 +
| [[User:Yellows8|yellows8]]
 
|-
 
|-
 
| [[Sockets_services|bsdsockets]] ioctl SIOCGIFMEDIA input can contain ptr
 
| [[Sockets_services|bsdsockets]] ioctl SIOCGIFMEDIA input can contain ptr
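Review bot: the added description cell ("copies data from stack to the response cmd-buf for sending PairingOut") does not say how many bytes of the response are uninitialized stack data, so a reader cannot tell how much is disclosed per message; consider stating the size of the copied buffer next to "Only the first byte is set to a type value". As a style point, "joycon" in that cell differs from the [[Joy-Con]] spelling used in the summary cell of the same row, and "bluetooth/uart" in the result cell could be capitalized as "Bluetooth/UART".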