Ubuthathaka kubaqhubi be-Broadcom WiFi chips, ekuvumela ukuba uhlasele inkqubo ukude

Kubaqhubi beetshiphusi ezingenazingcingo zeBroadcom tyhiniwe ezine ubuthathakaKwimeko elula, ubuthathaka bungasetyenziselwa ukubangela ukwaliwa kwenkonzo kude, kodwa iimeko azinakuthintelwa apho kunokuphuhliswa khona ukuxhaphaza okuvumela umhlaseli ongaqinisekiswanga ukuba aphumeze ikhowudi yakhe ngamalungelo e-kernel. Linux ngokuthumela iipakeji ezilungiselelwe ngokukodwa.

Iingxaki zachongwa ngobunjineli obubuyisela umva i-firmware ye-Broadcom. Iichips ezichaphazelekayo zisetyenziswa ngokubanzi kwiilaptops, ii-smartphones kunye nezixhobo ezahlukeneyo zabathengi, ukusuka kwi-SmartTVs ukuya kwi-Intanethi yezixhobo zezinto. Ngokukodwa, iitshiphusi zeBroadcom zisetyenziswa kwii-smartphones ezivela kubavelisi abanje ngeApple, iSamsug kunye neHuawei. Kuyaphawuleka ukuba i-Broadcom yaziswa ngobuthathaka emva ngoSeptemba 2018, kodwa kuthathe malunga neenyanga ze-7 ukukhulula ukulungiswa ngokubambisana nabavelisi bezixhobo.

Kukho iingxaki ezimbini ezichaphazela i-firmware yangaphakathi kwaye zinokuvumela ukuphunyezwa kwekhowudi kwindawo yokusebenza kwenkqubo esetyenziswa kwiitships zeBroadcom, nto leyo evumela ukuhlaselwa kwiindawo ezingasebenzisiyo. Linux (umzekelo, amathuba okuhlasela izixhobo ze-Apple aqinisekisiwe, I-CVE-2019-8564). Masikhumbule ukuba ezinye iichips ze-Broadcom Wi-Fi ziyiprosesa ekhethekileyo (i-ARM Cortex R4 okanye i-M3), eqhuba inkqubo efanayo yokusebenza kunye nokuphunyezwa kwe-802.11 stack wireless (FullMAC). Kwiichips ezinjalo, umqhubi uqinisekisa ukusebenzisana kwenkqubo ephambili kunye ne-Wi-Fi chip firmware. Ukufumana ulawulo olupheleleyo kwinkqubo ephambili emva kokuba i-FullMAC ithotyelwe, kucetywa ukuba kusetyenziswe ubuthathaka obongezelelweyo okanye, kwezinye iitshiphusi, uthathe ithuba lokufikelela ngokupheleleyo kwimemori yenkqubo. Kwiichips ezineSoftMAC, i-802.11 stack wireless iphunyezwa kwicala lomqhubi kwaye isetyenziswe kusetyenziswa inkqubo ye-CPU.


Ubuthathaka kubaqhubi be-Broadcom WiFi chips, ekuvumela ukuba uhlasele inkqubo ukude

Ubuthathaka bomqhubi buchaphazela zombini umqhubi we-wl ozimeleyo (iSoftMAC kunye neFullMAC) kunye ne-brcmfmac evulelekileyo (iFullMAC). Kufunyenwe ukugcwala kwe-buffer ezimbini kwi-wl driver, zisetyenziswe xa indawo yokufikelela ithumela imiyalezo ye-EAPOL eyenziwe ngokukodwa ngexesha lokuxoxisana ngonxibelelwano (uhlaselo lunokwenziwa xa kuqhagamshelwa kwindawo yokufikelela enobungozi). Kwimeko ye-chip yeSoftMAC, ubuthathaka bukhokelela kwi-kernel compromise, ngelixa kwimeko yeFullMAC, ukuphunyezwa kwekhowudi kunokwenzeka kwi-firmware. Kwi-brcmfmac, kukho impazamo yokugcwala kwe-buffer kunye ne-frame validation, esetyenziswa ngokuthumela ii-control frames. Kwi-kernel Linux iingxaki ngomqhubi we-brcmfmac babekho isusiwe ngoFebruwari.

Ubuthathaka obuchongiweyo:

  • I-CVE-2019-9503 - ukuziphatha okungalunganga komqhubi we-brcmfmac xa ukucubungula iifreyimu zokulawula ezisetyenziselwa ukusebenzisana ne-firmware. Ukuba isakhelo esinesiganeko se-firmware sivela kumthombo wangaphandle, umqhubi uyasilahla, kodwa ukuba isiganeko sifunyenwe ngebhasi yangaphakathi, isakhelo sinqanyuliwe. Ingxaki kukuba iziganeko ezivela kwizixhobo ezisebenzisa i-USB zihanjiswa ngebhasi yangaphakathi, evumela abahlaseli ukuba badlulisele ngempumelelo iifreyimu zokulawula i-firmware xa usebenzisa i-adapters ezingenazintambo nge-interface ye-USB;
  • I-CVE-2019-9500 - Xa i-"Wake-up on Wireless LAN" inikwe amandla, kunokwenzeka ukuba kubangele ukuphuphuma kwemfumba kumqhubi we-brcmfmac (umsebenzi brcmf_wowl_nd_results) ngokuthumela isakhelo solawulo esilungisiweyo. Olu buthathaka lungasetyenziselwa ukuququzelela ukuphunyezwa kwekhowudi kwinkqubo ephambili emva kokuba i-chip ithotyelwe okanye idibaniswe ne-CVE-2019-9503 yengozi yokugqithisa ukuhlolwa kwimeko yokuthunyelwa kude kwesakhelo sokulawula;
  • I-CVE-2019-9501 - i-buffer iphuphuma kumqhubi we-wl (umsebenzi we-wlc_wpa_sup_eapol) eyenzeka xa kusetyenzwa imiyalezo enomxholo wayo wecandelo lolwazi lomenzi udlula i-32 bytes;
  • I-CVE-2019-9502 -I-buffer ephuphumayo kumqhubi we-wl (wrc_wpa_plumb_gtk umsebenzi) yenzeka xa kusetyenzwa imiyalezo enomxholo wayo wolwazi lomenzi udlula i-164 bytes.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster