In drivers for Broadcom wireless chips
The problems were identified by reverse engineering Broadcom firmware. The affected chips are used in computers, smartphones and a wide range of consumer devices, from SmartTVs to Internet of Things devices. In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung and Huawei. It is noteworthy that Broadcom was notified of the vulnerabilities back in September 2018, but it took about 7 months to release fixes in coordination with device manufacturers.
Two vulnerabilities affect the internal firmware and can allow code to be executed in the environment of the operating system used on Broadcom chips, which makes it possible to attack environments that do not use Linux (for example, the possibility of attacking Apple devices has been confirmed).
The driver vulnerabilities occur in the wl driver (SoftMAC and FullMAC) and in the open brcmfmac driver (FullMAC). Two buffer overflows were found in the wl driver; they are exploited when an access point sends specially crafted EAPOL messages during the connection negotiation process (the attack can be carried out when connecting to a malicious access point). In the case of a chip with SoftMAC, the vulnerabilities lead to compromise of the system kernel, and in the case of FullMAC, the code can be executed on the firmware side. brcmfmac contains a buffer overflow and a frame-checking error that are exploited by sending control frames. Problems in the brcmfmac driver in the Linux kernel
Vulnerabilities identified:
- CVE-2019-9503 - incorrect behavior of the brcmfmac driver when processing control frames used to interact with the firmware. If a frame carrying a firmware event comes from an external source, the driver discards it, but if the event is received over the internal bus, the frame is let through. The problem is that events from devices that use USB are delivered over the internal bus, which allows attackers to successfully deliver firmware control frames when a wireless adapter with a USB interface is in use;
- CVE-2019-9500 - when the “Wake-up on Wireless LAN” feature is enabled, it is possible to cause an overflow in the brcmfmac driver (function brcmf_wowl_nd_results) by sending a specially modified control frame. This vulnerability can be used to organize code execution on the main system after the chip has been compromised, or in combination with CVE-2019-9503 to bypass the checks when a control frame is sent;
- CVE-2019-9501 - a buffer overflow in the wl driver (function wlc_wpa_sup_eapol) that occurs when processing messages in which the content of the vendor information field exceeds 32 bytes;
- CVE-2019-9502 - a buffer overflow in the wl driver (function wlc_wpa_plumb_gtk) that occurs when processing messages in which the content of the vendor information field exceeds 164 bytes.
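The length check that CVE-2019-9501 and CVE-2019-9502 turn on can be shown with a small parser. This is an added example, not code from the wl driver or from the original article: the helper `copy_vendor_ie`, the return codes and the sample bytes are hypothetical, and the vendor information field is assumed to be an 802.11-style ID/length/value element; only the 32-byte limit comes from the article.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_VENDOR_SPECIFIC 0xdd /* 802.11 vendor-specific element ID */
#define VENDOR_BUF_LEN     32   /* limit the article gives for CVE-2019-9501 */
#define IE_INVALID         (-1) /* malformed or oversized element */
#define IE_NOT_FOUND       (-2) /* well-formed input, no vendor element */

/* Hypothetical helper: walk ID/length/value elements in `data` and copy the
 * first vendor-specific payload into `out`. Returns the payload length,
 * IE_NOT_FOUND or IE_INVALID. */
int copy_vendor_ie(const uint8_t *data, size_t len, uint8_t *out, size_t out_cap)
{
    size_t off = 0;

    while (len - off >= 2) {
        uint8_t id = data[off];
        size_t ilen = data[off + 1];

        /* Check 1: the declared length must stay inside the received data. */
        if (ilen > len - off - 2)
            return IE_INVALID;
        if (id == IE_VENDOR_SPECIFIC) {
            /* Check 2: the sender-controlled length must fit the fixed
             * destination; copying without it is the overflow condition. */
            if (ilen > out_cap)
                return IE_INVALID;
            memcpy(out, data + off + 2, ilen);
            return (int)ilen;
        }
        off += 2 + ilen;
    }
    return off == len ? IE_NOT_FOUND : IE_INVALID; /* stray trailing byte */
}

int main(void)
{
    /* Constructed sample: one non-vendor element, then a 4-byte vendor one. */
    const uint8_t sample[] = {0x30, 0x02, 0x01, 0x00, 0xdd, 0x04, 0x00, 0x0f, 0xac, 0x01};
    uint8_t oversized[2 + VENDOR_BUF_LEN + 1] = {IE_VENDOR_SPECIFIC, VENDOR_BUF_LEN + 1};
    uint8_t out[VENDOR_BUF_LEN];

    printf("sample:    %d\n", copy_vendor_ie(sample, sizeof sample, out, sizeof out));
    printf("oversized: %d\n", copy_vendor_ie(oversized, sizeof oversized, out, sizeof out));
    return 0;
}
```

The same function covers the 164-byte case of CVE-2019-9502 when called with a destination of that capacity.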
Source: opennet.ru