| January 30, 2022 (presumably found much earlier?)
| January 30, 2022 (presumably found much earlier?)
−
| October 11, 2022
−
| Everyone
−
|-
−
| Broken RNG for [[RO_services|ro]] ASLR
−
| The RNG used to determine where to randomly map NROs in the target process was TinyMT (nn::os::detail::RngManager output, seeded by 128 bits of entropy). However, TinyMT is not cryptographically secure (and can in fact be analytically solved).
−
−
Thus, with a few NRO mapping addresses, one could learn the TinyMT state and derive all previous/future RNG outputs, breaking NRO aslr for all processes.
−
−
With [15.0.0+] ro now uses csrng_GenerateRandomBytes to determine the random map address for NROs.
−
| Breaking ASLR for all NROs loaded in all processes, allowing predicting all NRO mappings for all processes until the next reboot.
−
| [[15.0.0]]
−
| [[15.0.0]]
−
| Late 2021/Early 2022
| October 11, 2022
| October 11, 2022
| Everyone
| Everyone
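Review bot: the removed row ends with two `[[15.0.0]]` version cells after the impact cell, but the re-added copy visible under "Line 890 / Line 877" stops at the impact cell. Before accepting the move, confirm that both version cells were carried over with the row, so the table keeps the same number of columns at its new position and the fix version is not lost.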
Line 890:
Line 877:
| Everyone
| Everyone
|-
|-
+
| Broken RNG for [[RO_services|ro]] ASLR
+
| The RNG used to determine where to randomly map NROs in the target process was TinyMT (nn::os::detail::RngManager output, seeded by 128 bits of entropy). However, TinyMT is not cryptographically secure (and can in fact be analytically solved).
+
+
Thus, with a few NRO mapping addresses, one could learn the TinyMT state and derive all previous/future RNG outputs, breaking NRO aslr for all processes.
+
+
With [15.0.0+] ro now uses csrng_GenerateRandomBytes to determine the random map address for NROs.
+
| Breaking ASLR for all NROs loaded in all processes, allowing predicting all NRO mappings for all processes until the next reboot.
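Review bot: in the added description cell, "breaking NRO aslr for all processes" uses lowercase "aslr", while the summary and impact cells of the same row write "ASLR"; capitalize it for consistency. In the same cell, "With [15.0.0+] ro now uses csrng_GenerateRandomBytes" puts the version in single brackets, which will not render as a wiki link. Since the row is being touched anyway, consider `[[15.0.0]]+` to match the double-bracket form used elsewhere in this table, and collapse the doubled blank lines between the three paragraphs of the cell.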