Vulnerabilities in Samsung Exynos wireless modules exploitable over the Internet

Researchers from the Google Project Zero team have reported 18 vulnerabilities in Samsung Exynos 5G/LTE/GSM modems. The four most dangerous vulnerabilities (CVE-2023-24033) allow code execution at the baseband chip level through access from the Internet. According to Google Project Zero representatives, after a small amount of additional research, skilled attackers would be able to quickly prepare a working exploit that gives remote control at the wireless module level, knowing only the victim's phone number. The attack can be carried out without the user noticing and requires no action from them.

The remaining 14 vulnerabilities have a lower severity level, since an attack requires access to the mobile network operator's infrastructure or local access to the user's device. Except for CVE-2023-24033, which was fixed in the March firmware update for Google Pixel devices, the issues remain unpatched. All that is known about CVE-2023-24033 is that it is caused by incorrect checking of the format of the "accept-type" attribute transmitted in SDP (Session Description Protocol) messages.

Until the vulnerabilities are fixed by manufacturers, users are advised to disable VoLTE (Voice-over-LTE) support and Wi-Fi calling in the settings. The vulnerabilities affect devices with Exynos chips, for example Samsung smartphones (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04), Vivo (S16, S15, S6, X70, X60 and X30), Google Pixel (6 and 7), as well as wearable devices with the Exynos W920 chipset and automotive systems with the Exynos Auto T5123 chip.

Because of the severity of the vulnerabilities and the realistic prospect of an exploit appearing quickly, Google decided to make an exception to its rule for the 4 most dangerous issues and to delay disclosure of their details. For the remaining vulnerabilities, details will be disclosed 90 days after vendor notification (information on CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 and CVE-2023-26076 is already available in the bug tracking system, and for the remaining 9 issues the 90-day waiting period has not yet expired). The disclosed CVE-2023-2607* vulnerabilities are caused by buffer overflows when decoding certain options and lists in the NrmmMsgCodec and NrSmPcoCodec codecs.
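The bug class named above (overflow while decoding options and lists) comes down to trusting length and count fields taken from the message. The following is an added example, not code from Samsung, Google or the original article: a bounds-checked decoder for a list of length-prefixed options. The `[id:2][len:1][value]` layout, the capacities and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OPTS    8   /* capacity of the decoded table (assumed) */
#define MAX_OPT_LEN 16  /* capacity of each value buffer (assumed) */

struct opt { uint16_t id; uint8_t len; uint8_t val[MAX_OPT_LEN]; };
struct opt_table { size_t count; struct opt items[MAX_OPTS]; };

/* Decode a list of [id:2][len:1][value:len] entries (hypothetical layout).
 * Returns 0 on success, -1 if the input is malformed or exceeds capacity. */
int decode_opts(const uint8_t *buf, size_t n, struct opt_table *out)
{
    size_t off = 0;
    out->count = 0;
    while (off < n) {
        if (n - off < 3) return -1;              /* truncated header */
        uint16_t id = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint8_t len = buf[off + 2];
        off += 3;
        if (len > n - off) return -1;            /* value runs past the message */
        if (len > MAX_OPT_LEN) return -1;        /* value would overflow val[] */
        if (out->count == MAX_OPTS) return -1;   /* entry would overflow items[] */
        struct opt *o = &out->items[out->count++];
        o->id = id;
        o->len = len;
        memcpy(o->val, buf + off, len);
        off += len;
    }
    return 0;
}

/* Convenience wrapper: number of decoded entries, or -1 on rejection. */
int decoded_count(const uint8_t *buf, size_t n)
{
    struct opt_table t;
    return decode_opts(buf, n, &t) == 0 ? (int)t.count : -1;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {0x00,0x0D,0x04,8,8,8,8, 0x00,0x10,0x02,0x05,0xDC};
static const uint8_t SAMPLE_PAST_END[] = {0x00,0x0D,0x20,0x01,0x02}; /* len 32, 2 bytes left */
static const uint8_t SAMPLE_TOO_MANY[27] = {0};          /* nine empty entries */
static const uint8_t SAMPLE_TOO_LONG[20] = {0x00,0x01,17}; /* len 17 > MAX_OPT_LEN */

int main(void)
{
    printf("%d %d %d %d\n", decoded_count(SAMPLE_OK, sizeof SAMPLE_OK),
           decoded_count(SAMPLE_PAST_END, sizeof SAMPLE_PAST_END),
           decoded_count(SAMPLE_TOO_MANY, sizeof SAMPLE_TOO_MANY),
           decoded_count(SAMPLE_TOO_LONG, sizeof SAMPLE_TOO_LONG));
    return 0;
}
```

Each of the three rejections guards a different buffer: the input message, the per-entry value array and the table of entries. Dropping any one of them leaves a write or read that the sender controls.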

Source: opennet.ru
