| The handler code for NVGPU_GPU_IOCTL_GET_CHARACTERISTICS for Ioctl/Ioctl3 is essentially the same, except for the value used for the max-size clamp: Ioctl uses the constant 0xA0, while Ioctl3 uses the outbuf1_size. So if one uses this with Ioctl3 and a large outbuf1, the memcpy reads data OOB from the source buffer, hence an infoleak.
+
With [17.0.0+] the second block of csel code, which previously essentially used the clamped size from above, was replaced with code which properly clamps to the max-size constant.
+
| nvservices-sysmodule infoleak, which allows defeating ASLR.
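The clamp difference described above, modelled as an added C example (this is not code from the nvservices sysmodule or from the page; only the 0xA0 max size comes from the page, and the struct layout, the marker values, the handler signatures and the `arena_t` layout are constructed for the demonstration). The vulnerable variant clamps the copy length only against the caller-supplied outbuf1_size, the fixed variant clamps against the constant first; the harness counts how many bytes of the data lying after the characteristics struct reach the output buffer.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Only the 0xA0 size comes from the page; everything else here is a stand-in. */
#define CHARACTERISTICS_SIZE 0xA0u
#define ADJACENT_SIZE        0x60u

/* Constructed memory layout: the characteristics data, directly followed by
 * unrelated sysmodule data that must never reach the caller. */
typedef struct {
    uint8_t characteristics[CHARACTERISTICS_SIZE];
    uint8_t adjacent[ADJACENT_SIZE];
} arena_t;

#define MARK_CHARS 0x11 /* fill value for the legitimate characteristics */
#define MARK_ADJ   0xCC /* fill value for the data that should stay private */

/* Pre-17.0.0 Ioctl3 pattern as the page describes it: the copy length is
 * clamped only against outbuf1_size, so a large output buffer lets memcpy
 * run past the end of the characteristics struct. */
static size_t copy_chars_vulnerable(const arena_t *src, uint8_t *out,
                                    size_t outbuf1_size, size_t requested)
{
    size_t n = requested < outbuf1_size ? requested : outbuf1_size;
    memcpy(out, src, n); /* reads src->adjacent whenever n > CHARACTERISTICS_SIZE */
    return n;
}

/* Ioctl / post-17.0.0 pattern: clamp against the constant max size first,
 * and never copy more than the output buffer can hold. */
static size_t copy_chars_fixed(const arena_t *src, uint8_t *out,
                               size_t outbuf1_size, size_t requested)
{
    size_t n = requested < CHARACTERISTICS_SIZE ? requested : CHARACTERISTICS_SIZE;
    if (n > outbuf1_size)
        n = outbuf1_size;
    memcpy(out, src->characteristics, n);
    return n;
}

typedef size_t (*copy_fn)(const arena_t *, uint8_t *, size_t, size_t);

/* Runs one handler variant with a caller-chosen outbuf1_size and returns how
 * many bytes of the private region ended up in the output buffer. The
 * simulation caps the request at sizeof(arena_t) so the vulnerable copy stays
 * inside our own arena instead of being undefined behaviour. */
static size_t leaked_bytes(copy_fn handler, size_t outbuf1_size)
{
    arena_t arena;
    uint8_t out[sizeof(arena_t)];
    memset(arena.characteristics, MARK_CHARS, CHARACTERISTICS_SIZE);
    memset(arena.adjacent, MARK_ADJ, ADJACENT_SIZE);
    memset(out, 0, sizeof out);

    if (outbuf1_size > sizeof out)
        outbuf1_size = sizeof out;
    size_t n = handler(&arena, out, outbuf1_size, outbuf1_size);

    size_t leaked = 0;
    for (size_t i = 0; i < n; i++)
        if (out[i] == MARK_ADJ)
            leaked++;
    return leaked;
}

size_t leaked_vulnerable(size_t outbuf1_size) { return leaked_bytes(copy_chars_vulnerable, outbuf1_size); }
size_t leaked_fixed(size_t outbuf1_size)      { return leaked_bytes(copy_chars_fixed, outbuf1_size); }

int main(void)
{
    printf("outbuf1_size=0x100: vulnerable leaks %zu bytes, fixed leaks %zu bytes\n",
           leaked_vulnerable(0x100), leaked_fixed(0x100));
    printf("outbuf1_size=0x80:  vulnerable leaks %zu bytes, fixed leaks %zu bytes\n",
           leaked_vulnerable(0x80), leaked_fixed(0x80));
    return 0;
}
```

With a 0x100-byte output buffer the vulnerable clamp copies the whole arena, so the 0x60 bytes following the struct are handed to the caller, while the fixed clamp never copies more than 0xA0 bytes regardless of outbuf1_size. The general check to carry over when reviewing similar handlers is that a copy length must be bounded by the size of the source object, not only by the size of the destination the caller controls.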