Ofufuza ochokera ku Checkpoint azindikira ziwopsezo zitatu (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) mu firmware ya MediaTek DSP chips, komanso chiwopsezo mu MediaTek Audio HAL audio wosanjikiza (CVE- 2021-0673). Ngati zofookazo zigwiritsiridwa ntchito bwino, wowukirayo amatha kumvera wogwiritsa ntchito papulatifomu ya Android.
Mu 2021, MediaTek imawerengera pafupifupi 37% ya tchipisi tapadera zama foni a m'manja ndi ma SoCs (malinga ndi zina, gawo lachiwiri la 2021, gawo la MediaTek pakati pa opanga tchipisi ta DSP pama foni am'manja anali 43%). Tchipisi za MediaTek DSP zimagwiritsidwanso ntchito pama foni apamwamba a Xiaomi, Oppo, Realme ndi Vivo. Tchipisi za MediaTek, zozikidwa pa microprocessor yokhala ndi zomangamanga za Tensilica Xtensa, zimagwiritsidwa ntchito m'mafoni a m'manja kuchita zinthu monga ma audio, zithunzi ndi makanema, pakompyuta yamakina owonjezereka, masomphenya apakompyuta ndi kuphunzira pamakina, komanso kukhazikitsa njira yothamangitsira mwachangu.
Munthawi yosinthira makina a firmware a tchipisi ta MediaTek DSP kutengera nsanja ya FreeRTOS, njira zingapo zidadziwika zoperekera kachidindo kumbali ya firmware ndikuwongolera magwiridwe antchito mu DSP potumiza zopempha zopangidwa mwapadera kuchokera kuzinthu zopanda mwayi papulatifomu ya Android. Zitsanzo zenizeni zowukira zidawonetsedwa pa foni yamakono ya Xiaomi Redmi Note 9 5G yokhala ndi MediaTek MT6853 (Dimensity 800U) SoC. Zadziwika kuti ma OEM alandila kale zosintha pazachiwopsezo mu October MediaTek firmware update.
Zina mwazowukira zomwe zitha kuchitidwa polemba nambala yanu pamlingo wa firmware wa chipangizo cha DSP:
- Kukula kwamwayi ndikudutsa chitetezo - jambulani mobisa monga zithunzi, makanema, zojambulira mafoni, maikolofoni, data ya GPS, ndi zina zambiri.
- Kukana ntchito ndi machitidwe oyipa - kutsekereza mwayi wopeza zidziwitso, kulepheretsa chitetezo chotenthetsera panthawi yolipira mwachangu.
- Kubisala zochita zoyipa ndikupanga zinthu zoyipa zosawoneka komanso zosachotsedwa zomwe zimachitidwa pamlingo wa firmware.
- Kuphatikizira ma tag kuti mulondole wogwiritsa ntchito, monga kuwonjezera ma tag anzeru pachithunzi kapena kanema kuti muwone ngati zomwe zatumizidwazo zikugwirizana ndi wogwiritsa ntchito.
Tsatanetsatane wa kusatetezeka kwa MediaTek Audio HAL sizinafotokozedwebe, koma zovuta zina zitatu mu firmware ya DSP zimayamba chifukwa choyang'ana malire molakwika pokonza mauthenga a IPI (Inter-Processor Interrupt) omwe amatumizidwa ndi audio_ipi audio driver ku DSP. Mavutowa amakulolani kuti mupangitse kusefukira kwa buffer m'machitidwe operekedwa ndi firmware, momwe chidziwitso cha kukula kwa deta yotumizidwa chinatengedwa kuchokera kumunda mkati mwa paketi ya IPI, popanda kuyang'ana kukula kwenikweni komwe kuli mu kukumbukira komwe kumagwirizana.
Kuti mupeze dalaivala panthawi yoyesera, mafoni olunjika a ioctls kapena laibulale ya /vendor/lib/hw/audio.primary.mt6853.so, yomwe sichipezeka ku mapulogalamu anthawi zonse a Android, idagwiritsidwa ntchito. Komabe, ofufuza apeza njira yopangira kutumiza malamulo kutengera kugwiritsa ntchito njira zowongolera zomwe zimapezeka kwa anthu ena. Zosinthazi zitha kusinthidwa poyitanitsa ntchito ya AudioManager Android kuti iwononge malaibulale a MediaTek Aurisys HAL (libfvaudio.so), omwe amapereka mafoni kuti alumikizane ndi DSP. Kuti aletse izi, MediaTek yachotsa kuthekera kogwiritsa ntchito lamulo la PARAM_FILE kudzera pa AudioManager.
Source: opennet.ru