2,939
edits
Changes
Jump to navigation
Jump to search
Line 70:
Line 70: − + − + Line 98:
Line 98: − + − + Line 108:
Line 108: − + Line 171:
Line 171: − + Line 241:
Line 241: − +
just fixing dates and links
| [[3.0.0]]
| [[3.0.0]]
| [[3.0.0]]
| [[3.0.0]]
| late summer/early fall 2017
| Late summer/early fall 2017
| December 31, 2017
| December 31, 2017
| SciresM, Motezazer
| [[User:SciresM|SciresM]], [[User:motezazer|motezazer]]
|-
|-
|}
|}
| December 2017 (Probably earlier by others)
| December 2017 (Probably earlier by others)
| January 18, 2018
| January 18, 2018
| SciresM, probably others.
| [[User:SciresM|SciresM]], probably others.
|-
|-
| jamais vu (non-secure world access to PMC MMIO and pre-deep sleep firmware)
| jamais vu (non-secure world access to PMC MMIO and pre-deep sleep firmware)
| On [[1.0.0]], one could map in the PMC registers in userland. In addition, [[am|AM Services]] ran a little-kernel based firmware on the BPMP at runtime. With code execution under am, one could modify the BPMP's little-kernel firmware to hook deep sleep entry, and modify TrustZone/Security engine state.
| On [[1.0.0]], one could map in the PMC registers in userland. In addition, [[AM_services|am]] ran a little-kernel based firmware on the BPMP at runtime. With code execution under am, one could modify the BPMP's little-kernel firmware to hook deep sleep entry, and modify TrustZone/Security engine state.
This was fixed in [[2.0.0]] by making the PMC secure-world only, blacklisting the BPMP's exception vectors from being mapped, and thoroughly checking for malicious behavior on deep sleep entry.
This was fixed in [[2.0.0]] by making the PMC secure-world only, blacklisting the BPMP's exception vectors from being mapped, and thoroughly checking for malicious behavior on deep sleep entry.
| [[2.0.0]]
| [[2.0.0]]
| December, 2017
| December, 2017
| January 20, 2017
| January 20, 2018
| [[User:SciresM|SciresM]] and [[User:motezazer|motezazer]]
| [[User:SciresM|SciresM]] and [[User:motezazer|motezazer]]
|-
|-
| January 2018
| January 2018
| January 2018
| January 2018
| SciresM, yellows8
| [[User:SciresM|SciresM]], [[User:Yellows8|yellows8]]
|-
|-
|}
|}
| August 4, 2017
| August 4, 2017
| August 6, 2017
| August 6, 2017
| [[User: shinyquagsire23|Shiny Quagsire]], [[User:Yellows8|Yellows8]] (independently)
| [[User: shinyquagsire23|Shiny Quagsire]], [[User:Yellows8|yellows8]] (independently)
|-
|-
| OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names)
| OOB Read in NS system module (pl:utoohax, pl:utonium, maybe other names)