Mu madalaivala a Broadcom opanda zingwe tchipisi anayi . Munthawi yosavuta kwambiri, zofooka zitha kugwiritsidwa ntchito kuletsa ntchito patali, koma zochitika sizingasiyidwe momwe zinthu zitha kupangidwira zomwe zimalola wowukira wosavomerezeka kuti apereke ma code awo ndi mwayi wa Linux kernel potumiza mapaketi opangidwa mwapadera.
Mavuto adadziwika ndi reverse engineering firmware ya Broadcom. Tchipisi zomwe zakhudzidwa zimagwiritsidwa ntchito kwambiri m'ma laputopu, mafoni am'manja ndi zida zosiyanasiyana zogula, kuchokera ku SmartTVs kupita ku zida zapaintaneti. Makamaka, tchipisi ta Broadcom amagwiritsidwa ntchito m'mafoni am'manja kuchokera kwa opanga monga Apple, Samsumg ndi Huawei. Ndizofunikira kudziwa kuti Broadcom idadziwitsidwa za zovutazo mu Seputembala 2018, koma zidatenga pafupifupi miyezi 7 kumasula zosintha mogwirizana ndi opanga zida.
Ziwopsezo ziwiri zimakhudza firmware yamkati ndipo zitha kulola kuti code ichitike m'malo ogwiritsira ntchito omwe amagwiritsidwa ntchito mu tchipisi ta Broadcom, zomwe zimapangitsa kuti ziwukire malo omwe sagwiritsa ntchito Linux (mwachitsanzo, kuthekera kowononga zida za Apple kwatsimikiziridwa. ). Tikumbukire kuti tchipisi ta Broadcom Wi-Fi ndi purosesa yapadera (ARM Cortex R4 kapena M3), yomwe imayendetsa makina ogwiritsira ntchito omwe ali ndi kukhazikitsidwa kwa 802.11 opanda zingwe stack (FullMAC). Mu tchipisi zotere, dalaivala amaonetsetsa kuyanjana kwadongosolo lalikulu ndi firmware ya chip ya Wi-Fi. Kuti muthe kuwongolera dongosolo lalikulu pambuyo poti FullMAC itasokonezedwa, ikufuna kugwiritsa ntchito zovuta zina kapena, pa tchipisi zina, gwiritsani ntchito mwayi wofikira kukumbukira kwamakina. Mu tchipisi chokhala ndi SoftMAC, stack ya 802.11 yopanda zingwe imayikidwa kumbali yoyendetsa ndikuchitidwa pogwiritsa ntchito CPU.
Zowopsa za oyendetsa zimawonekera mu wl driver (SoftMAC ndi FullMAC) ndi gwero lotseguka brcmfmac (FullMAC). Kusefukira kuwiri kwa buffer kudapezeka mu dalaivala wa wl, kumagwiritsidwa ntchito pomwe malo ofikira amatumiza mauthenga opangidwa mwapadera a EAPOL panthawi yolumikizirana (kuwukirako kutha kuchitika mukalumikizana ndi malo oyipa). Pankhani ya chip yokhala ndi SoftMAC, kusatetezeka kumayambitsa kusokonekera kwa kernel yadongosolo, ndipo pankhani ya FullMAC, code ikhoza kuchitidwa kumbali ya firmware. bcmfmac ili ndi kusefukira kwa buffer ndi cholakwika chowunikira chimagwiritsidwa ntchito potumiza mafelemu owongolera. Mavuto ndi dalaivala wa bcmfmac mu Linux kernel mu February.
Zowopsa zomwe zidazindikirika:
- CVE-2019-9503 - khalidwe lolakwika la dalaivala wa brcmfmac pokonza mafelemu owongolera omwe amagwiritsidwa ntchito polumikizana ndi firmware. Ngati chimango chokhala ndi chochitika cha firmware chimachokera kunja, dalaivala amachitaya, koma ngati chochitikacho chikulandiridwa kudzera m'basi yamkati, chimango chimadumphidwa. Vuto ndiloti zochitika kuchokera ku zipangizo zogwiritsira ntchito USB zimafalitsidwa kudzera mu basi yamkati, yomwe imalola otsutsa kuti azitha kutumiza mafelemu olamulira a firmware pogwiritsa ntchito ma adapter opanda waya ndi mawonekedwe a USB;
- CVE-2019-9500 - Ntchito ya "Kudzuka pa Wireless LAN" ikayatsidwa, ndizotheka kuchititsa mulu kusefukira mu driver wa brcmfmac (function brcmf_wowl_nd_results) potumiza chimango chowongolera mwapadera. Chiwopsezochi chitha kugwiritsidwa ntchito kukonza ma code mu dongosolo lalikulu chip chikasokonezedwa kapena kuphatikiza ndi CVE-2019-9503 pachiwopsezo chodutsa macheke pakachitika kutumiza kwakutali kwa chimango chowongolera;
- CVE-2019-9501 - buffer kusefukira mu wl driver (ntchito ya wrc_wpa_sup_eapol) yomwe imachitika pokonza mauthenga omwe gawo lawo lazidziwitso la wopanga limaposa 32 byte;
- CVE-2019-9502 - Kusefukira kwa buffer mu wl driver (wlc_wpa_plumb_gtk function) kumachitika mukakonza mauthenga omwe gawo lawo lazidziwitso la wopanga limaposa 164 byte.
Source: opennet.ru