Vulnerabilities in the firmware of MediaTek DSP chips used in many smartphones

Researchers from Checkpoint have identified three vulnerabilities (CVE-2021-0661, CVE-2021-0662, CVE-2021-0663) in the firmware of MediaTek DSP chips, as well as a vulnerability in the MediaTek Audio HAL audio processing layer (CVE-2021-0673). If the vulnerabilities are successfully exploited, an attacker can eavesdrop on the user from an unprivileged Android application.

In 2021, MediaTek accounted for about 37% of shipments of specialized chips and SoCs for smartphones (according to other data, in the second quarter of 2021 MediaTek's share among manufacturers of DSP chips for smartphones was 43%). MediaTek DSP chips are also used in flagship smartphones from Xiaomi, Oppo, Realme and Vivo. MediaTek chips, based on a microprocessor with the Tensilica Xtensa architecture, are used in smartphones to perform tasks such as audio, image and video processing, computation for augmented reality systems, computer vision and machine learning, and implementing fast charging mode.

During reverse engineering of the firmware of MediaTek DSP chips, which is based on the FreeRTOS platform, several ways were identified to execute code on the firmware side and gain control over operations in the DSP by sending specially crafted requests from unprivileged Android applications. Practical examples of the attacks were demonstrated on a Xiaomi Redmi Note 9 5G smartphone equipped with a MediaTek MT6853 (Dimensity 800U) SoC. It is noted that OEMs have already received fixes for the vulnerabilities in MediaTek's October firmware update.

Among the attacks that become possible by executing your own code at the DSP chip firmware level:

  • Privilege escalation and security bypass - covertly capturing data such as photos, videos, call recordings, microphone data, GPS data, etc.
  • Denial of service and malicious actions - blocking access to information, disabling overheating protection during fast charging.
  • Hiding malicious activity - creating completely invisible and unremovable malicious components that run at the firmware level.
  • Attaching tags to track the user, such as adding subtle tags to an image or video to determine whether the uploaded data is linked to the user.

Details of the vulnerability in the MediaTek Audio HAL have not yet been disclosed, but the other three vulnerabilities in the DSP firmware are caused by incorrect bounds checking when processing IPI (Inter-Processor Interrupt) messages sent by the audio_ipi driver to the DSP. These problems allow a controlled buffer overflow to be triggered in the handlers provided by the firmware, in which the size of the transferred data is taken from a field inside the IPI packet without checking it against the actual size placed in shared memory.
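The length-trusting pattern described above, contrasted with a handler that bounds the packet's length field by both the destination buffer and the mapped shared-memory size, as an added example in C that is not from the original article and not MediaTek's firmware code; the message layout, struct names and the 64-byte buffer size are assumptions:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed, simplified IPI-style message: a header carrying a payload
 * length field, plus a reference to the shared-memory region the payload
 * was placed in. Hypothetical layout, not MediaTek's real format. */
#define HANDLER_BUF_SIZE 64

struct ipi_msg {
    uint32_t cmd;          /* command id (unused here) */
    uint32_t payload_len;  /* sender-controlled length field */
};

struct shm_region {
    const uint8_t *base;   /* start of the shared memory mapping */
    size_t size;           /* actual size of the mapped region */
};

/* The pattern the article describes: the copy length is trusted straight
 * from the packet and never compared with the handler's buffer or the
 * mapped shared-memory size. Shown for contrast only. */
int handle_ipi_unchecked(const struct ipi_msg *msg, const struct shm_region *shm,
                         uint8_t out[HANDLER_BUF_SIZE]) {
    memcpy(out, shm->base, msg->payload_len);   /* overflows out[] if payload_len > 64 */
    return 0;
}

/* Hardened handler: the length field is untrusted input and is bounded by
 * both the destination buffer and the real shared-memory size. */
int handle_ipi_checked(const struct ipi_msg *msg, const struct shm_region *shm,
                       uint8_t out[HANDLER_BUF_SIZE]) {
    if (msg->payload_len > HANDLER_BUF_SIZE) return -1;   /* would overflow out[] */
    if (msg->payload_len > shm->size) return -2;          /* would read past the mapping */
    memcpy(out, shm->base, msg->payload_len);
    return 0;
}

/* Convenience wrapper: build a message with a claimed length over a
 * constructed shared-memory region of the given size and run the checked handler. */
int run_checked(uint32_t claimed_len, size_t actual_shm_size) {
    static uint8_t shm_backing[256];   /* constructed shared memory, zero-filled */
    struct shm_region shm = { shm_backing, actual_shm_size };
    struct ipi_msg msg = { 0x10, claimed_len };
    uint8_t out[HANDLER_BUF_SIZE];
    return handle_ipi_checked(&msg, &shm, out);
}
```

The two rejections map onto the two sizes the article says the firmware failed to compare: the handler's own buffer and the real amount of data in shared memory.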

To reach the driver during the experiments, direct ioctl calls or the /vendor/lib/hw/audio.primary.mt6853.so library were used, neither of which is available to ordinary Android applications. However, the researchers found a workaround for sending commands based on debugging options that are available to third-party applications. These parameters can be changed by calling the Android AudioManager service, which in turn reaches the MediaTek Aurisys HAL libraries (libfvaudio.so) that provide the calls for interacting with the DSP. To close this path, MediaTek removed the ability to use the PARAM_FILE command via AudioManager.

Source: opennet.ru
