Vanotsvaga kubva kuCheckpoint vaona kusazvibata kutatu (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) mune firmware yeMediaTek DSP chips, pamwe nekusagadzikana muMediaTek Audio HAL audio processing layer (CVE- 2021- 0673). Kana kusadzivirirwa kwacho kuchishandiswa zvinobudirira, munhu anorwisa anogona kuteerera mushandisi kubva kune isina njodzi application yepuratifomu yeAroid.
Muna 2021, MediaTek inoverengera ingangoita makumi matatu nenomwe muzana ekutakura ehunyanzvi machipisi emafoni uye maSoCs (maererano nedzimwe dhata, muchikamu chechipiri cha37, mugove weMediaTek pakati pevagadziri veDSP machipisi emafoni aive makumi mana nematatu%). MediaTek DSP machipi anoshandiswawo mumureza smartphones naXiaomi, Oppo, Realme uye Vivo. MediaTek chips, yakavakirwa pamicroprocessor ine Tensilica Xtensa architecture, anoshandiswa mumafoni emafoni kuita mashandiro akadai seodhiyo, mufananidzo uye vhidhiyo kugadzirisa, mukombuta yeaugmented reality system, kuona komputa uye kudzidza muchina, pamwe nekuita nekukurumidza kuchaja modhi.
Munguva yekudzosera kumashure einjiniya yeFirmware yeMediaTek DSP chips yakavakirwa paFreeRTOS papuratifomu, nzira dzakati wandei dzakaonekwa dzekuita kodhi padivi refirmware uye kuwana kutonga pamusoro pekushanda muDSP nekutumira zvakagadzirirwa zvikumbiro kubva kune zvisina tsarukano zvikumbiro zvepuratifomu yeAroid. Mienzaniso inoshanda yekurwiswa yakaratidzwa paXiaomi Redmi Note 9 5G smartphone ine MediaTek MT6853 (Dimensity 800U) SoC. Izvo zvinocherechedzwa kuti maOEM akatowana zvigadziriso zvekusagadzikana muna Gumiguru MediaTek firmware update.
Pakati pekurwiswa kunogona kuitwa nekuita kodhi yako padanho re firmware yeDSP chip:
- Ropafadzo yekukwira uye chengetedzo yekupfuura - tora chinyararire data senge mafoto, mavhidhiyo, kufona zvakarekodhwa, maikorofoni data, GPS data, nezvimwe.
- Kuramba sevhisi uye zviito zvakashata - kuvharira kuwana ruzivo, kudzima kudzivirira kwekupisa panguva yekuchaja nekukurumidza.
- Kuvanza kuita kwakashata ndiko kusikwa kwezvisingaonekwe uye zvisingabviswe zvinhu zvakashata zvinoitwa padanho re firmware.
- Kubatanidza ma tag ekutevera mushandisi, sekuwedzera ma tag akangwara pamufananidzo kana vhidhiyo kuti uone kana data yakatumirwa ine chekuita nemushandisi.
Tsanangudzo yekusagadzikana muMediaTek Audio HAL haisati yaburitswa, asi humwe hutatu hwekusagadzikana muDSP firmware hunokonzereswa nekutariswa kwemuganho kusiri iko paunenge uchigadzirisa IPI (Inter-Processor Interrupt) mameseji anotumirwa neaudio_ipi mutyairi wedhiyo kuDSP. Matambudziko aya anokutendera kuti ukonzerese kuputika kwebuffer mukubata kwakapihwa neiyo firmware, umo ruzivo nezve saizi ye data yakatamiswa yakatorwa kubva kumunda mukati meIPI packet, pasina kutarisa saizi chaiyo iri mundangariro yakagovaniswa.
Kuti uwane mutyairi panguva yekuedza, yakananga ioctls mafoni kana iyo /vendor/lib/hw/audio.primary.mt6853.so raibhurari, iyo isingawanikwe kune yakajairwa Android application, yakashandiswa. Nekudaro, vaongorori vakawana workaround yekutumira mirairo zvichienderana nekushandiswa kwesarudzo dzekugadzirisa dzinowanikwa kune wechitatu-bato zvikumbiro. Aya ma paramita anogona kuchinjwa nekudaidza iyo AudioManager Android sevhisi kurwisa maraibhurari eMediaTek Aurisys HAL (libfvaudio.so), ayo anopa mafoni ekudyidzana neDSP. Kuvhara iyi workaround, MediaTek yakabvisa kugona kushandisa PARAM_FILE kuraira kuburikidza neAudioManager.
Source: opennet.ru