ProHoster > Blog > nkhani zapaintaneti > Zowopsa mu dalaivala wa ARM GPU zomwe zakhala zikugwiritsidwa ntchito kale kuukira

Zowopsa mu dalaivala wa ARM GPU zomwe zakhala zikugwiritsidwa ntchito kale kuukira

ARM yawulula zovuta zitatu zomwe zili mu madalaivala ake a GPU omwe amagwiritsidwa ntchito mu Android, ChromeOS ndi magawidwe LinuxZofookazo zimalola wogwiritsa ntchito wamba wopanda mwayi kugwiritsa ntchito code yokhala ndi ma kernel rights. Mu lipoti la chitetezo la Okutobala pa nsanjayi, Android Zatchulidwa kuti chigamba chisanatulutsidwe, chimodzi mwa ziwopsezo (CVE-2023-4211) chagwiritsidwa ntchito kale ndi owukira pogwiritsa ntchito njira zogwirira ntchito zowukira (zero-day). Mwachitsanzo, chiwopsezocho chingagwiritsidwe ntchito m'mapulogalamu oyipa omwe amagawidwa kudzera m'magwero okayikitsa kuti athe kupeza mwayi wonse wolowera mu dongosololi ndikuyika zigawo zomwe zimafufuza wogwiritsa ntchito.

Zomwe zapezeka:

  • CVE-2023-4211 - Kuchita molakwika kukumbukira kukumbukira kwa GPU kumatha kubweretsa mwayi wokumbukira makina omasulidwa kale, omwe angagwiritsidwe ntchito pochita ntchito zina mu kernel. Chiwopsezocho chimakhazikika pakusinthidwa kwa driver r43p0 kwa Mali GPUs kutengera Bifrost ndi Valhall microarchitectures, komanso 5th generation ARM GPUs. Palibe zosintha zoyendetsa zomwe zatulutsidwa kwa Midgard family GPUs.

    Kukonzaku kuperekedwanso ngati gawo la zosintha za Seputembala ku Chrome OS 114/115/116 komanso zosintha za Okutobala. AndroidMa GPU omwe ali pachiwopsezo amagwiritsidwa ntchito m'mafoni monga Google Pixel 7, Samsung S20 ndi S21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Phone 6, Redmi Note 11, 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Find X5 Pro, Reno 8 Pro, ndi zida zina zokhala ndi ma chips a Mediatek.

  • CVE-2023-33200 - Ntchito zolakwika za GPU zitha kupangitsa kuti pakhale mpikisano komanso mwayi wokumbukira womwe wamasulidwa kale ndi dalaivala. Chiwopsezocho chinakhazikitsidwa muzosintha zoyendetsa r44p1 ndi r45p0 za Mali GPUs kutengera Bifrost ndi Valhall microarchitectures, komanso 5th generation ARM GPUs.
  • CVE-2023-34970 Zochita zosayenera za GPU zitha kupangitsa kuti pakhale kusefukira kwa buffer komanso mwayi wokumbukira. Chiwopsezocho chinakhazikitsidwa pakusintha kwa driver r44p1 ndi r45p0 kwa Mali GPUs kutengera Valhall microarchitecture ndi 5th generation ARM GPUs.

Ponseponse, lipoti la kufooka kwa Okutobala linaphatikizapo Android Zofooka 53 zinatchulidwa, 5 mwa izo zinapatsidwa mlingo wovuta kwambiri, ndipo zina zonse zinapatsidwa mlingo wovuta kwambiri. Mavuto ovuta amalola kuukira kwakutali kuti kugwiritse ntchito ma code pa dongosololi. Mavuto omwe adalembedwa kuti ndi owopsa amalola kugwiritsa ntchito ma code potengera njira yapadera mwa kusintha mapulogalamu am'deralo. Mavuto atatu ofunikira (CVE-2023-24855, CVE-2023-28540, ndi CVE-2023-33028) adapezeka mu zigawo za Qualcomm, ndipo awiri (CVE-2023-40129, CVE-2023-4863) adapezeka mu dongosololi (mu libwebp ndi mu Bluetooth stack). Zofooka 5 zonse zidapezeka mu zigawo za ARM, 3 mu MediaTek, 1 mu Unisoc, ndi 17 mu Qualcomm (lipoti lochokera ku Qualcomm). Zofooka ziwiri (chimodzi mu ma GPU a ARM ndi chimodzi mu libwebp) zidalembedwa kuti zikugwiritsidwa ntchito kale ndi owukira pakugwiritsa ntchito kwawo (tsiku 0).

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster