Vulnerabilities in Samsung Exynos wireless modules that can be exploited over the Internet

Researchers from the Google Project Zero team have reported the discovery of 18 vulnerabilities in Samsung Exynos 5G/LTE/GSM modems. The four most dangerous vulnerabilities (CVE-2023-24033) allow code execution at the baseband chip level through manipulation from external Internet networks. According to Google Project Zero representatives, after some additional research, skilled attackers will be able to quickly prepare a working exploit that makes it possible to gain remote control at the wireless module level, knowing only the victim's phone number. The attack can be carried out unnoticed by the user and does not require any action from them.

The remaining 14 vulnerabilities have a lower severity level, since an attack requires access to the mobile network operator's infrastructure or local access to the user's device. With the exception of CVE-2023-24033, which was addressed in the March firmware update for Google Pixel devices, the issues remain unresolved. All that is known about the CVE-2023-24033 vulnerability is that it is caused by incorrect checking of the format of the "accept-type" attribute transmitted in SDP (Session Description Protocol) messages.
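The following C example is added here and is not taken from Samsung's firmware, from Project Zero or from the original article; it shows the kind of strict format and bounds checking an SDP parser can apply to this attribute before copying anything. It assumes the MSRP `a=accept-types:` syntax from RFC 4975; the size limits and function names are hypothetical, and it does not reconstruct the undisclosed flaw.

```c
#include <ctype.h>
#include <string.h>

#define MAX_TYPES 8      /* assumed cap on entries per attribute */
#define MAX_TYPE_LEN 63  /* assumed cap on one media type, in bytes */

static int token_char(unsigned char c) {
    return isalnum(c) || c == '-' || c == '.' || c == '+' || c == '_';
}

/* Accept "*", "type/subtype" or "type/*" given as exactly n bytes. */
static int valid_media_type(const char *s, size_t n) {
    size_t i, slash = n;                 /* slash == n means "not seen yet" */
    if (n == 1 && s[0] == '*') return 1;
    if (n == 0 || n > MAX_TYPE_LEN) return 0;
    for (i = 0; i < n; i++) {
        if (s[i] == '/') {
            if (slash != n) return 0;    /* second slash */
            slash = i;
        } else if (s[i] == '*') {        /* wildcard only as the whole subtype */
            if (slash == n || i != slash + 1 || n != slash + 2) return 0;
        } else if (!token_char((unsigned char)s[i])) return 0;
    }
    return slash != n && slash > 0 && slash < n - 1;
}

/* Returns the number of types copied into out, or -1 if the line is malformed. */
int parse_accept_types(const char *line, size_t len,
                       char out[MAX_TYPES][MAX_TYPE_LEN + 1]) {
    static const char prefix[] = "a=accept-types:";
    size_t plen = sizeof prefix - 1, pos = plen, start;
    int count = 0;
    if (len <= plen || memcmp(line, prefix, plen) != 0) return -1;
    while (pos < len) {
        start = pos;
        while (pos < len && line[pos] != ' ') pos++;
        if (count == MAX_TYPES) return -1;                    /* too many entries */
        if (!valid_media_type(line + start, pos - start)) return -1;
        memcpy(out[count], line + start, pos - start);        /* length checked above */
        out[count++][pos - start] = '\0';
        if (pos < len && ++pos == len) return -1;             /* trailing space */
    }
    return count;
}

int main(void) {
    char out[MAX_TYPES][MAX_TYPE_LEN + 1];
    const char ok[] = "a=accept-types:message/cpim text/plain";  /* constructed sample */
    return parse_accept_types(ok, sizeof ok - 1, out) == 2 ? 0 : 1;
}
```

Every length and count is checked against the destination size before the copy, and the whole attribute is rejected on the first malformed entry instead of being partially accepted.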

Until the vulnerabilities are fixed by manufacturers, users are advised to disable VoLTE (Voice-over-LTE) support and Wi-Fi calling in the settings. The vulnerabilities appear in devices with Exynos chips, for example, in Samsung smartphones (S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04), Vivo (S16, S15, S6, X70, X60 and X30), Google Pixel (6 and 7), as well as in wearable devices with the Exynos W920 chipset and automotive systems with the Exynos Auto T5123 chip.

Because of the severity of the vulnerabilities and the realistic prospect of an exploit appearing quickly, Google decided to make an exception to its rule for the 4 most dangerous problems and to delay disclosing information about the nature of the problems. For the remaining vulnerabilities, details will be disclosed 90 days after vendor notification (information about the vulnerabilities CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075 and CVE-2023-26076 is already available in the bug tracking system, and for the other 9 issues the 90-day waiting period has not yet expired). The reported CVE-2023-2607* vulnerabilities are caused by buffer overflows when decoding certain options and lists in the NrmmMsgCodec and NrSmPcoCodec codecs.

Source: opennet.ru
