Ho bakhanni ba li-chips tse se nang mohala tsa Broadcom nne Tabeng e bonolo ka ho fetisisa, bofokoli bo ka sebelisoa ho baka ho haneloa ha tšebeletso hole, empa maemo a ke ke a qheleloa ka thoko moo ho ka hlahisoang mekhoa e mebe e lumellang mohlaseli ea sa netefatsoang ho phethahatsa khoutu ea hae ka litokelo tsa kernel. Linux ka ho romela liphutheloana tse entsoeng ka mokhoa o khethehileng.
Mathata a ile a khetholloa ka boenjiniere ba morao-rao ea firmware ea Broadcom. Li-chips tse amehileng li sebelisoa haholo ka har'a lilaptop, li-smartphones le lisebelisoa tse fapaneng tsa bareki, ho tloha ho li-SmartTV ho isa lisebelisoa tsa Marang-rang. Haholo-holo, li-chips tsa Broadcom li sebelisoa ho li-smartphones tse tsoang ho bahlahisi ba kang Apple, Samsumg le Huawei. Hoa hlokomeleha hore Broadcom e tsebisitsoe ka bofokoli morao koana ka Loetse 2018, empa ho nkile likhoeli tse ka bang 7 ho lokolla litokiso ka tšebelisano le baetsi ba lisebelisoa.
Bofokoli bo babeli bo ama firmware ea ka hare 'me bo ka' na ba lumella ho kenngoa tšebetsong ha khoutu tikolohong ea sistimi e sebetsang e sebelisoang ho li-chip tsa Broadcom, e leng se lumellang litlhaselo libakeng tse sa sebeliseng. Linux (mohlala, monyetla oa ho hlasela lisebelisoa tsa Apple o tiisitsoe, ). A re hopoleng hore li-chips tse ling tsa Broadcom Wi-Fi ke processor e ikhethileng (ARM Cortex R4 kapa M3), e tsamaisang sistimi e ts'oanang e nang le ts'ebetsong ea eona 802.11 wireless stack (FullMAC). Litabeng tse joalo, mokhanni o tiisa ho sebelisana ha sistimi e kholo le Wi-Fi chip firmware. Ho fumana taolo e felletseng holim'a sistimi e kholo kamora hore FullMAC e senyehe, ho khothaletsoa ho sebelisa bofokoli bo eketsehileng kapa, ho li-chips tse ling, nka monyetla oa phihlello e felletseng ea mohopolo oa sistimi. Ka li-chips tse nang le SoftMAC, stack ea 802.11 e se nang mohala e kenngoa ka lehlakoreng la mokhanni 'me e etsoa ho sebelisoa CPU ea tsamaiso.
Bofokodi ba mokhanni bo ama mokhanni oa wl (SoftMAC le FullMAC) le brcmfmac ea mohloli o bulehileng (FullMAC). Ho ile ha fumanoa ho phatloha ha buffer habeli ho mokhanni oa wl, ha sebelisoa hampe ha sebaka sa phihlello se fetisa melaetsa ea EAPOL e entsoeng ka ho khetheha nakong ea puisano ea khokahano (tlhaselo e ka etsoa ha ho hokahanngoa le sebaka sa phihlello se kotsi). Tabeng ea chip ea SoftMAC, bofokodi bo lebisa ho sekisetsa ha kernel, ha tabeng ea FullMAC, ts'ebetso ea khoutu e ka etsahala ho firmware. Ho brcmfmac, ho phatloha ha buffer le phoso ea netefatso ea foreimi li teng, li sebelisoa hampe ka ho romela liforeimi tsa taolo. Ho kernel Linux mathata ka mokhanni oa brcmfmac ka Hlakola.
Bofokoli bo bonts'itsoeng:
- CVE-2019-9503 - boitšoaro bo fosahetseng ba mokhanni oa brcmfmac ha o sebetsana le liforeimi tsa taolo tse sebelisoang ho sebelisana le firmware. Haeba foreimi e nang le ketsahalo ea firmware e tsoa mohloling o ka ntle, mokhanni oa e lahla, empa haeba ketsahalo e amoheloa ka bese e ka hare, foreimi e tlōloa. Bothata ke hore liketsahalo tse tsoang lisebelisoa tse sebelisang USB li fetisoa ka bese e ka hare, e lumellang bahlaseli hore ba atlehe ho fetisetsa liforeimi tsa taolo ea firmware ha ba sebelisa li-adapter tse se nang mohala tse nang le sebopeho sa USB;
- CVE-2019-9500 - Ha karolo ea "Wake-up on Wireless LAN" e nolofalitsoe, ho ka khoneha ho baka qubu e khaphatsehang ho mokhanni oa brcmfmac (function brcmf_wowl_nd_results) ka ho romela foreimi ea taolo e fetotsoeng ka ho khetheha. Kotsi ena e ka sebelisoa ho hlophisa ts'ebetso ea khoutu tsamaisong e kholo ka mor'a hore chip e senyehe kapa e kopane le ts'oaetso ea CVE-2019-9503 ea ho feta licheke ha ho ka romeloa hole ea foreimi ea taolo;
- CVE-2019-9501 - buffer e phalla ho mokhanni oa wl (mosebetsi oa wrc_wpa_sup_eapol) e hlahang ha ho sebetsa melaetsa eo litaba tsa eona tsa tšimo ea moetsi li fetang li-byte tse 32;
- CVE-2019-9502 - Buffer e phalla ho mokhanni oa wl (wlc_wpa_plumb_gtk function) e etsahala ha ho sebetsa melaetsa eo litaba tsa eona tsa tlhahiso-leseling ea moetsi li fetang li-byte tse 164.
Source: opennet.ru
