Vulnerabilities in the firmware of MediaTek DSP chips used in many smartphones

Researchers from Check Point have identified three vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) in the firmware of MediaTek DSP chips, as well as a vulnerability in the MediaTek Audio HAL (CVE-2021-0673). If the vulnerabilities are successfully exploited, an attacker can eavesdrop on a user from an unprivileged application for the Android platform.

In 2021, MediaTek accounts for approximately 37% of shipments of specialized smartphone chips and SoCs (according to other sources, MediaTek's share among manufacturers of DSP chips for smartphones was 43% in the second quarter of 2021). Among others, MediaTek DSP chips are used in smartphones from Xiaomi, Oppo, Realme and Vivo. Based on the Tensilica Xtensa microprocessor, MediaTek chips are used in smartphones for operations such as audio, image and video processing, augmented reality, computer vision and machine learning computations, and fast charging.

During reverse engineering of the firmware for MediaTek DSP chips, which is based on the FreeRTOS platform, several ways were found to execute code on the firmware side and to take control of DSP operations by sending specially crafted requests from unprivileged applications for the Android platform. Practical examples of the attacks were demonstrated on a Xiaomi Redmi Note 9 5G smartphone equipped with the MediaTek MT6853 (Dimensity 800U) SoC. It is noted that OEMs have already received fixes for the vulnerabilities in the October MediaTek firmware update.

Among the attacks that can be carried out by executing your own code at the firmware level of the DSP chip:

  • Privilege escalation and bypass of the access control system - capture of data such as photos, videos, call recordings, microphone data, GPS, etc.
  • Denial of service and malicious actions - blocking access to information, disabling overheating protection during fast charging.
  • Hiding malicious activity - creating completely invisible and unremovable malicious components that run at the firmware level.
  • Attaching tags to spy on a user, such as adding hidden tags to an image or video so that published data can later be linked to the user.

Details of the vulnerability in the MediaTek Audio HAL have not yet been disclosed, but the other three vulnerabilities in the DSP firmware are caused by incorrect bounds checking when processing IPI (Inter-Processor Interrupt) messages sent by the audio_ipi audio driver to the DSP. These issues allow a controlled buffer overflow to be triggered in handlers provided by the firmware, in which information about the size of the transferred data was taken from a field inside the IPI packet, without checking the actual size allocated in shared memory.
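The missing bounds check described above, shown as an added example that is not code from the original article or from MediaTek's firmware: a message handler that validates the sender-supplied length field against both the shared-memory region and its own buffer before copying. The `ipi_hdr` layout, the `handle_ipi_msg` function and all sizes are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header; the payload bytes follow it in shared memory. */
struct ipi_hdr {
    uint16_t msg_id;
    uint16_t payload_len;   /* length claimed by the sender */
};

/* Copies the payload into dst. Returns bytes copied, or -1 if rejected.
 * region_len: bytes actually backing the message in shared memory. */
int handle_ipi_msg(const uint8_t *region, size_t region_len,
                   uint8_t *dst, size_t dst_len)
{
    struct ipi_hdr hdr;

    if (region == NULL || dst == NULL || region_len < sizeof(hdr))
        return -1;

    /* Snapshot the header once: the other processor can rewrite shared
     * memory between a check and the copy that relies on it. */
    memcpy(&hdr, region, sizeof(hdr));

    /* The flawed pattern trusts hdr.payload_len and copies straight away. */
    if (hdr.payload_len > region_len - sizeof(hdr))
        return -1;          /* claims more than the region holds */
    if (hdr.payload_len > dst_len)
        return -1;          /* would overflow the handler's buffer */

    memcpy(dst, region + sizeof(hdr), hdr.payload_len);
    return (int)hdr.payload_len;
}

int main(void)
{
    /* Constructed sample: 16-byte region, header claims 64 payload bytes. */
    uint8_t shm[16] = {0}, out[8];
    struct ipi_hdr h = { 1, 64 };

    memcpy(shm, &h, sizeof(h));
    printf("oversized: %d\n", handle_ipi_msg(shm, sizeof(shm), out, sizeof(out)));
    h.payload_len = 4;
    memcpy(shm, &h, sizeof(h));
    printf("valid:     %d\n", handle_ipi_msg(shm, sizeof(shm), out, sizeof(out)));
    return 0;
}
```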

To access the driver during the experiments, direct ioctl calls or the /vendor/lib/hw/audio.primary.mt6853.so library were used, which are not available to regular Android applications. However, the researchers found a workaround for sending commands, based on the use of debugging options that are available to third-party applications. These parameters can be changed by calling the Android AudioManager service to attack the MediaTek Aurisys HAL libraries (libfvaudio.so), which provide the calls for interacting with the DSP. To block this workaround, MediaTek removed the ability to use the PARAM_FILE command through AudioManager.

Source: opennet.ru
