Changes

872 bytes added, 23:33, 23 February 2023
Line 911: Line 911:  
| November 9, 2022
 
| November 9, 2022
 
| [[User:Hexkyz|hexkyz]]
 
| [[User:Hexkyz|hexkyz]]
 +
|-
 +
| [[Bluetooth_Driver_services|bluetooth]] WriteGattCharacteristic/WriteGattDescriptor stack buffer overflow regression
 +
| Originally btdrv WriteGattCharacteristic/WriteGattDescriptor (bt service LeClientWriteCharacteristic/LeClientWriteDescriptor are the same) validated the input buffer size. However the size check was removed with [12.0.0+] (which was also when bluetooth was refactored), hence stack buffer overflow. Anything with btdrv/bt services access can trigger it. While this is intended to require a BLE connection, it seems to be possible to trigger the buffer overflow without any BLE connection by passing ConnectionHandle=0xFFFFFFFF (handle not tested on hardware).
 +
| Bluetooth-sysmodule stack buffer overflow on [12.0.0-15.0.1], with data from BLE IPC cmds.
 +
| [[16.0.0]]
 +
| [[16.0.0]]
 +
| December 10, 2021
 +
| February 23, 2023
 +
| [[User:Yellows8|yellows8]]
 
|}
 
|}
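Review bot: the description cell (the `| Originally btdrv WriteGattCharacteristic/WriteGattDescriptor ...` line) states that the input buffer size check was removed in 12.0.0 but does not say what bound the original check enforced or which size field is now unchecked, so a reader cannot confirm from the row alone why the affected range is [12.0.0-15.0.1] or what the 16.0.0 fix restores; adding that detail would make the entry verifiable. The ConnectionHandle=0xFFFFFFFF observation is correctly marked "(handle not tested on hardware)" and should keep that qualifier if the summary cell is ever expanded. Minor style point: the summary cell abbreviates "commands" as "cmds", which the neighbouring rows do not.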