Android vulnerability that allows remote code execution when Bluetooth is turned on

The February update of the Android platform fixes a critical vulnerability (CVE-2020-0022) in the Bluetooth stack that allows remote code execution by sending a specially crafted Bluetooth packet. The issue can be exploited unnoticed by an attacker within Bluetooth range. It is possible that the vulnerability could be used to create worms that infect neighboring devices in a chain.

For an attack, it is enough to know the MAC address of the victim's device (prior pairing is not required, but Bluetooth must be turned on on the device). On some devices, the Bluetooth MAC address can be computed from the Wi-Fi MAC address. If the vulnerability is exploited successfully, the attacker can execute their code with the privileges of the background process that coordinates Bluetooth operation in Android.
The issue is specific to Fluoride, the Bluetooth stack used in Android (based on code from Broadcom's BlueDroid project), and does not appear in the BlueZ stack used on Linux.

The researchers who identified the issue were able to prepare a working exploit prototype, but details of the exploitation will be disclosed later, after the fix has been rolled out to most users. It is only known that the vulnerability is in the packet reassembly code and is caused by an incorrect calculation of the size of L2CAP (Logical Link Control and Adaptation Protocol) packets when the data transmitted by the sender exceeds the expected size.
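The class of check that the paragraph above refers to, as an added example: a minimal fragment reassembler that rejects a continuation fragment carrying more data than the L2CAP header declared. This is not code from Android or Fluoride; the names `reasm`, `reasm_start`, `reasm_continue` and the `REASM_MAX` limit are hypothetical, and it assumes the first fragment contains the full 4-byte L2CAP basic header.

```c
#include <stdint.h>
#include <string.h>

#define REASM_MAX 1024  /* assumed buffer limit for this sketch */
enum { REASM_ERR = -1, REASM_MORE = 0, REASM_DONE = 1 };
/* Hypothetical reassembly state; illustrative only, not Fluoride's structures. */
struct reasm {
    uint8_t buf[REASM_MAX];
    size_t expected, have;  /* total bytes declared (header + payload); bytes collected */
    int active;             /* nonzero while a packet is partially assembled */
};

/* First fragment: starts with the L2CAP basic header (length LE16, channel ID LE16). */
int reasm_start(struct reasm *r, const uint8_t *frag, size_t n)
{
    r->active = 0;
    if (n < 4) return REASM_ERR;
    size_t expected = 4 + ((size_t)frag[0] | ((size_t)frag[1] << 8));
    if (expected > REASM_MAX || n > expected) return REASM_ERR;
    memcpy(r->buf, frag, n);
    r->expected = expected;
    r->have = n;
    r->active = (n < expected);
    return r->active ? REASM_MORE : REASM_DONE;
}

/* Continuation fragment: must fit in what is still owed; never truncate and copy. */
int reasm_continue(struct reasm *r, const uint8_t *frag, size_t n)
{
    if (!r->active) return REASM_ERR;
    size_t remaining = r->expected - r->have;  /* have < expected while active */
    if (n > remaining) {                       /* sender exceeded the declared size */
        r->active = 0;                         /* drop the whole partial packet */
        return REASM_ERR;
    }
    memcpy(r->buf + r->have, frag, n);
    r->have += n;
    r->active = (r->have < r->expected);
    return r->active ? REASM_MORE : REASM_DONE;
}

int main(void)
{   /* Constructed sample: header declares 6 payload bytes, 2 arrive first. */
    static struct reasm r;
    const uint8_t first[] = {0x06, 0x00, 0x40, 0x00, 'a', 'b'};
    const uint8_t extra[] = {'c', 'd', 'e', 'f', 'g'};  /* one byte too many */
    if (reasm_start(&r, first, sizeof first) != REASM_MORE) return 1;
    return reasm_continue(&r, extra, sizeof extra) == REASM_ERR ? 0 : 1;
}
```

All length arithmetic is done in unsigned `size_t` and compared before any subtraction result is used as a copy length, so an oversized fragment is discarded instead of producing a wrapped or negative size.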

In Android 8 and 9, the issue can lead to code execution, but in Android 10 it is limited to a crash of the Bluetooth background process. Older Android releases may be affected by the issue, but their exploitability has not been tested. Users are advised to install the firmware update as soon as possible and, if that is not possible, to turn Bluetooth off by default, prevent the device from being discoverable, and enable Bluetooth in public places only when strictly necessary (including replacing wireless headphones with wired ones).

In addition to the issue described above, the February set of Android security fixes eliminated 26 vulnerabilities, of which one other vulnerability (CVE-2020-0023) was assigned a critical severity level. The second vulnerability also affects the Bluetooth stack and is related to incorrect handling of the BLUETOOTH_PRIVILEGED privilege in setPhonebookAccessPermission. Of the vulnerabilities rated as high severity, 7 issues were fixed in frameworks and applications, 4 in system components, 2 in the kernel, and 10 in open source code and components for Qualcomm chips.

Source: opennet.ru
