Vulnerabilities in drivers for Broadcom WiFi chips that allow a system to be attacked remotely

Four vulnerabilities have been disclosed in the drivers for Broadcom wireless chips. In the simplest case, the vulnerabilities can be used to cause a denial of service, but scenarios cannot be ruled out in which exploits are developed that allow an unauthenticated attacker to execute their code with Linux kernel privileges by sending specially crafted packets.

The problems were identified by reverse engineering Broadcom firmware. The affected chips are widely used in laptops, smartphones and a variety of consumer devices, from SmartTVs to Internet of Things devices. In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung and Huawei. Notably, Broadcom was informed of the vulnerabilities back in September 2018, but it took about 7 months to release fixes in coordination with device manufacturers.

Two of the vulnerabilities affect the internal firmware and can allow code to be executed in the environment of the operating system that runs on Broadcom chips, which makes it possible to attack environments that do not use Linux (for example, the possibility of attacking Apple devices has been confirmed: CVE-2019-8564). Recall that some Broadcom Wi-Fi chips are a dedicated processor (ARM Cortex R4 or M3) running a similar operating system with its own implementation of the 802.11 wireless stack (FullMAC). In such chips, the driver handles the interaction between the main system and the Wi-Fi chip firmware. To gain full control over the main system after the FullMAC chip has been compromised, it is proposed to use additional vulnerabilities or, on some chips, to take advantage of full access to system memory. In chips with SoftMAC, the 802.11 wireless stack is implemented on the driver side and executed on the system CPU.

The driver vulnerabilities appear in the proprietary wl driver (SoftMAC and FullMAC) and in the open-source brcmfmac driver (FullMAC). Two buffer overflows were found in the wl driver; they can be exploited when the access point sends specially crafted EAPOL messages during connection negotiation (the attack can be carried out when connecting to a malicious access point). In the case of a chip with SoftMAC, the vulnerabilities lead to compromise of the system kernel, and in the case of FullMAC, the code can be executed on the firmware side. brcmfmac contains a buffer overflow and a frame-checking error that can be exploited by sending control frames. The problems in the brcmfmac driver in the Linux kernel were fixed in February.

Identified vulnerabilities:

  • CVE-2019-9503 - incorrect behavior of the brcmfmac driver when processing the control frames used to interact with the firmware. If a frame carrying a firmware event comes from an external source, the driver discards it, but if the event is received over the internal bus, the frame is let through. The problem is that events from devices that use USB are passed over the internal bus, which allows attackers to successfully deliver firmware control frames when wireless adapters with a USB interface are used;
  • CVE-2019-9500 - when the "Wake-up on Wireless LAN" feature is enabled, a heap overflow can be triggered in the brcmfmac driver (function brcmf_wowl_nd_results) by sending a specially modified control frame. This vulnerability can be used to achieve code execution on the main system after the chip has been compromised, or in combination with the CVE-2019-9503 vulnerability to bypass the checks when a control frame is sent remotely;
  • CVE-2019-9501 - buffer overflow in the wl driver (function wlc_wpa_sup_eapol) that occurs when processing messages whose vendor information field content exceeds 32 bytes;
  • CVE-2019-9502 - buffer overflow in the wl driver (function wlc_wpa_plumb_gtk) that occurs when processing messages whose vendor information field content exceeds 164 bytes.
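
The kind of length check whose absence the CVE-2019-9501 description points to, as an added example (not code from the proprietary wl driver or from the original article): a simplified walk over type/length/value elements in EAPOL key data that refuses a vendor element larger than the 32-byte destination. The function name, the element layout and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VENDOR_ID      0xDD  /* vendor-specific element type in 802.11 */
#define VENDOR_BUF_LEN 32    /* destination size, per the CVE-2019-9501 text */

/* Constructed sample key data (not captured traffic). */
static const uint8_t ok_kd[]    = { 0x30, 0x02, 0x01, 0x00,
                                    0xDD, 0x04, 0x00, 0x0F, 0xAC, 0x01 };
static const uint8_t big_kd[35] = { 0xDD, 33 };         /* 33-byte vendor body */
static const uint8_t trunc_kd[] = { 0xDD, 0x10, 0x00 }; /* claims 16, has 1 */

/* Hypothetical helper: copy the first vendor element's body into out.
 * Returns bytes copied, 0 if none is present, -1 if malformed or too large. */
int copy_vendor_ie(const uint8_t *kd, size_t kd_len, uint8_t out[VENDOR_BUF_LEN])
{
    size_t off = 0;

    while (kd_len - off >= 2) {
        uint8_t id  = kd[off];
        size_t  len = kd[off + 1];

        off += 2;
        if (len > kd_len - off)
            return -1;   /* length field runs past the end of the frame */
        if (id == VENDOR_ID) {
            if (len > VENDOR_BUF_LEN)
                return -1;   /* untrusted length exceeds the fixed buffer */
            memcpy(out, kd + off, len);
            return (int)len;
        }
        off += len;
    }
    return off == kd_len ? 0 : -1;   /* a lone trailing byte is malformed */
}

int main(void)
{
    uint8_t out[VENDOR_BUF_LEN];

    printf("ok=%d big=%d trunc=%d\n",
           copy_vendor_ie(ok_kd, sizeof ok_kd, out),
           copy_vendor_ie(big_kd, sizeof big_kd, out),
           copy_vendor_ie(trunc_kd, sizeof trunc_kd, out));
    return 0;
}
```

Both checks matter: the first keeps the parser inside the received frame, the second keeps the copy inside the destination buffer.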

Source: opennet.ru