Vulnerabilities in drivers for Broadcom WiFi chips that allow a system to be attacked remotely

Four vulnerabilities have been revealed in the drivers for Broadcom wireless chips. In the simplest case, the vulnerabilities can be used to cause a denial of service, but scenarios cannot be ruled out in which exploits could be developed that allow an unauthenticated attacker to execute their code with Linux kernel privileges by sending specially crafted packets.

The problems were identified by reverse engineering the Broadcom firmware. The affected chips are widely used in laptops, smartphones and a variety of consumer devices, from SmartTVs to Internet of Things devices. In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung and Huawei. Notably, Broadcom was notified of the vulnerabilities back in September 2018, but it took about 7 months to release fixes in coordination with device manufacturers.

Two of the vulnerabilities affect the internal firmware and can potentially allow code to be executed in the environment of the operating system used in Broadcom chips, which makes it possible to attack environments that do not use Linux (for example, the possibility of attacking Apple devices has been confirmed, CVE-2019-8564). Recall that some Broadcom Wi-Fi chips are a specialized processor (ARM Cortex R4 or M3) that runs something like its own operating system with an implementation of the 802.11 wireless stack (FullMAC). In such chips, the driver provides the interaction between the main system and the Wi-Fi chip firmware. To gain full control over the main system after FullMAC has been compromised, it is proposed to use additional vulnerabilities or, on some chips, to take advantage of full access to system memory. In chips with SoftMAC, the 802.11 wireless stack is implemented on the driver side and executed by the system CPU.


The driver vulnerabilities appear both in the wl driver (SoftMAC and FullMAC) and in the open-source brcmfmac (FullMAC). Two buffer overflows were found in the wl driver; they are exploited when an access point sends specially crafted EAPOL messages during connection negotiation (the attack can be carried out when connecting to a malicious access point). In the case of a chip with SoftMAC, the vulnerabilities lead to compromise of the system kernel, and in the case of FullMAC, the code can be executed on the firmware side. brcmfmac contains a buffer overflow and a frame validation error, both exploited by sending control frames. The problems in the brcmfmac driver in the Linux kernel were fixed in February.

Identified vulnerabilities:

  • CVE-2019-9503 - incorrect behavior of the brcmfmac driver when processing control frames used to interact with the firmware. If a frame carrying a firmware event comes from an external source, the driver discards it, but if the event is received via the internal bus, the frame is passed through. The problem is that events from devices that use USB are transmitted via the internal bus, which allows attackers to successfully send firmware control frames when wireless adapters with a USB interface are used;
  • CVE-2019-9500 - when the "Wake-up on Wireless LAN" feature is enabled, a heap overflow can be triggered in the brcmfmac driver (function brcmf_wowl_nd_results) by sending a specially modified control frame. This vulnerability can be used to achieve code execution in the main system after the chip has been compromised, or in combination with the CVE-2019-9503 vulnerability to bypass the checks when the control frame is sent remotely;
  • CVE-2019-9501 - a buffer overflow in the wl driver (the wlc_wpa_sup_eapol function) that occurs when processing messages in which the content of the manufacturer information field exceeds 32 bytes;
  • CVE-2019-9502 - a buffer overflow in the wl driver (the wlc_wpa_plumb_gtk function) that occurs when processing messages in which the content of the manufacturer information field exceeds 164 bytes.
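
The length check whose absence CVE-2019-9501 describes, written in its corrected form as an added example (this is not code from the wl driver or from the original article). The type/length/value layout, the 0xdd tag and the name copy_vendor_info are assumptions; only the 32-byte limit on the manufacturer information field comes from the text above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VENDOR_TYPE 0xdd   /* assumed tag of the vendor information element */
#define VENDOR_MAX  32     /* destination size: the limit named for CVE-2019-9501 */

enum { ERR_TRUNCATED = -1, ERR_TOO_LONG = -2, ERR_NOT_FOUND = -3 };

/*
 * Walk type/length/value elements in msg[0..msg_len) and copy the value of
 * the first vendor element into out[VENDOR_MAX]. Returns the number of
 * bytes copied, or a negative error. Hypothetical helper for illustration.
 */
int copy_vendor_info(const uint8_t *msg, size_t msg_len,
                     uint8_t out[VENDOR_MAX])
{
    size_t off = 0;

    while (msg_len - off >= 2) {           /* room for type + length */
        uint8_t type = msg[off];
        size_t len = msg[off + 1];         /* declared by the sender */

        off += 2;
        if (len > msg_len - off)           /* value runs past the message */
            return ERR_TRUNCATED;
        if (type == VENDOR_TYPE) {
            if (len > VENDOR_MAX)          /* would overflow out[] */
                return ERR_TOO_LONG;
            memcpy(out, msg + off, len);
            return (int)len;
        }
        off += len;                        /* skip elements we do not need */
    }
    /* A single leftover byte means the last element header was cut short. */
    return off == msg_len ? ERR_NOT_FOUND : ERR_TRUNCATED;
}

int main(void)
{
    /* Constructed input: one vendor element declaring 40 value bytes. */
    uint8_t msg[2 + 40] = { VENDOR_TYPE, 40 };
    uint8_t out[VENDOR_MAX];

    return copy_vendor_info(msg, sizeof msg, out) == ERR_TOO_LONG ? 0 : 1;
}
```

Both comparisons matter: the first keeps the read inside the received message, the second keeps the write inside the fixed-size destination.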

Source: opennet.ru
