Vulnerabilities in drivers for Broadcom WiFi chips that allow remote attacks on the system

Four vulnerabilities have been identified in the drivers for Broadcom wireless chips. In the simplest case, the vulnerabilities can be used to cause a remote denial of service, but scenarios cannot be ruled out in which an exploit could be developed that allows an unauthenticated attacker to execute their code with Linux kernel privileges by sending specially crafted packets.

The problems were identified by reverse engineering the Broadcom firmware. The affected chips are widely used in laptops, smartphones and various consumer devices, from SmartTVs to Internet of Things devices. In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung and Huawei. It is noteworthy that Broadcom was notified of the vulnerabilities back in September 2018, but it took about 7 months to release fixes in coordination with device manufacturers.

Two of the vulnerabilities affect the internal firmware and can allow code to be executed in the environment of the operating system used on Broadcom chips, which allows attacks on environments that do not use Linux as well (for example, the possibility of attacking Apple devices has been confirmed, CVE-2019-8564). Recall that some Broadcom Wi-Fi chips are a specialized processor (ARM Cortex R4 or M3) that runs a semblance of an operating system with its own implementation of the 802.11 wireless stack (FullMAC). On such chips, the driver handles the interaction between the main system and the Wi-Fi chip firmware. To gain full control over the main system after the FullMAC has been compromised, it is proposed to use additional vulnerabilities or, on some chips, to take advantage of full access to system memory. On chips with SoftMAC, the 802.11 wireless stack is implemented on the driver side and is executed by the system CPU.


The driver vulnerabilities appear both in the proprietary wl driver (SoftMAC and FullMAC) and in the open-source brcmfmac driver (FullMAC). Two buffer overflows were found in the wl driver, triggered when the access point sends specially formatted EAPOL messages during the connection negotiation process (the attack can be carried out when connecting to a malicious access point). In the case of a chip with SoftMAC, the vulnerabilities lead to compromise of the system kernel, and in the case of FullMAC, code can be executed on the firmware side. brcmfmac contains a buffer overflow and a frame-checking error that are exploited by sending control frames. The problems in the brcmfmac driver in the Linux kernel were fixed in February.

Identified vulnerabilities:

  • CVE-2019-9503 - incorrect behavior of the brcmfmac driver when processing the control frames used to interact with the firmware. If a frame with a firmware event comes from an external source, the driver discards it, but if the event is received over the internal bus, the frame is let through. The problem is that events from devices using USB are delivered over the internal bus, which allows attackers to successfully pass firmware control frames when wireless adapters with a USB interface are used;
  • CVE-2019-9500 - when "Wake-up on Wireless LAN" is enabled, a heap overflow can be triggered in the brcmfmac driver (function brcmf_wowl_nd_results) by sending a specially modified control frame. This vulnerability can be used to achieve code execution on the main system after the chip has been compromised, or in combination with the CVE-2019-9503 vulnerability to bypass the checks in the case of a control frame sent remotely;
  • CVE-2019-9501 - a buffer overflow in the wl driver (function wlc_wpa_sup_eapol) that occurs when processing messages in which the content of the vendor information element field exceeds 32 bytes;
  • CVE-2019-9502 - a buffer overflow in the wl driver (function wlc_wpa_plumb_gtk) that occurs when processing messages in which the content of the vendor information element field exceeds 164 bytes.
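The length check whose absence produces the class of overflow described for CVE-2019-9501, shown as an added example: this is not code from the proprietary wl driver or from the original article. The function names, status codes and sample frame are hypothetical; only the 32-byte destination size comes from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_VENDOR  0xdd  /* 802.11 vendor-specific element ID */
#define VENDOR_MAX 32    /* destination size, per the CVE-2019-9501 description */

enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_MALFORMED = -2, IE_TOO_LONG = -3 };

/* Hypothetical helper: walk the ID/length/value elements carried in EAPOL
 * key data and copy the first vendor element into a fixed-size buffer. */
static int copy_vendor_ie(const uint8_t *data, size_t data_len,
                          uint8_t out[VENDOR_MAX], size_t *out_len)
{
    size_t off = 0;
    while (off < data_len) {
        if (data_len - off < 2)
            return IE_MALFORMED;          /* element header is cut off */
        uint8_t id = data[off];
        size_t len = data[off + 1];
        if (len > data_len - off - 2)
            return IE_MALFORMED;          /* claimed body runs past the frame */
        if (id == IE_VENDOR) {
            /* len comes from the access point (0..255) while out holds
             * 32 bytes: without this check the memcpy below overflows. */
            if (len > VENDOR_MAX)
                return IE_TOO_LONG;
            memcpy(out, data + off + 2, len);
            *out_len = len;
            return IE_OK;
        }
        off += 2 + len;                   /* skip elements we do not need */
    }
    return IE_NOT_FOUND;
}

/* Constructed sample: an RSN element followed by a vendor element that
 * claims `claimed` bytes while the frame really carries `present` bytes. */
static int check_sample(uint8_t claimed, uint8_t present)
{
    uint8_t frame[6 + 255] = { 0x30, 0x02, 0x01, 0x00, IE_VENDOR, claimed };
    uint8_t out[VENDOR_MAX];
    size_t n = 0;
    memset(frame + 6, 0x41, present);
    return copy_vendor_ie(frame, (size_t)6 + present, out, &n);
}

int main(void)
{
    /* 32 bytes fits, 33 bytes must be rejected. */
    return (check_sample(32, 32) == IE_OK &&
            check_sample(33, 33) == IE_TOO_LONG) ? 0 : 1;
}
```
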

Source: opennet.ru
