Changes

117 bytes added ,  03:45, 17 December 2018
bad sdram parsing is a single bug, elaborate on other arb writes some.
Line 68: Line 68:     
The code that parses these parameters does if (params->EmcBctSpareN) *params->EmcBctSpareN = params->EmcBctSpareNPlusOne for most N, without validating either the address or value written to it.
 
The code that parses these parameters does if (params->EmcBctSpareN) *params->EmcBctSpareN = params->EmcBctSpareNPlusOne for most N, without validating either the address or value written to it.
There are other arbitrary writes in this code, as well.
+
There are other arbitrary writes in this code, as well (e.g. BootromPatch parameters intended for patching MISC registers do not check a relative offset to 0x7000000, etc).
    
This allows a user with access to the PMC registers (via pre-sleep bpmp execution, or otherwise) to gain arbitrary bootrom code execution.
 
This allows a user with access to the PMC registers (via pre-sleep bpmp execution, or otherwise) to gain arbitrary bootrom code execution.
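Review bot: the new parenthetical in the second paragraph, "do not check a relative offset to 0x7000000", leaves unclear what is and is not validated; suggest stating it directly, e.g. "the BootromPatch offset is applied relative to the MISC register base at 0x7000000 but is never bounds-checked against that region, so the resulting write is not confined to MISC registers", and either name the remaining write primitives or drop the trailing "etc" so the list does not read as incomplete. As a style point, the inline condition in the first paragraph, `if (params->EmcBctSpareN) *params->EmcBctSpareN = params->EmcBctSpareNPlusOne`, would be easier to read wrapped in <code> tags, matching the wiki's own convention for code fragments.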