Kubaqhubi beetshiphusi ezingenazingcingo zeBroadcom ezine Kwimeko elula, ubuthathaka bungasetyenziselwa ukubangela ukwaliwa kwenkonzo kude, kodwa iimeko azinakuthintelwa apho kunokuphuhliswa khona ukuxhaphaza okuvumela umhlaseli ongaqinisekiswanga ukuba aphumeze ikhowudi yakhe ngamalungelo e-kernel. Linux ngokuthumela iipakeji ezilungiselelwe ngokukodwa.
Iingxaki zachongwa ngobunjineli obubuyisela umva i-firmware ye-Broadcom. Iichips ezichaphazelekayo zisetyenziswa ngokubanzi kwiilaptops, ii-smartphones kunye nezixhobo ezahlukeneyo zabathengi, ukusuka kwi-SmartTVs ukuya kwi-Intanethi yezixhobo zezinto. Ngokukodwa, iitshiphusi zeBroadcom zisetyenziswa kwii-smartphones ezivela kubavelisi abanje ngeApple, iSamsug kunye neHuawei. Kuyaphawuleka ukuba i-Broadcom yaziswa ngobuthathaka emva ngoSeptemba 2018, kodwa kuthathe malunga neenyanga ze-7 ukukhulula ukulungiswa ngokubambisana nabavelisi bezixhobo.
Kukho iingxaki ezimbini ezichaphazela i-firmware yangaphakathi kwaye zinokuvumela ukuphunyezwa kwekhowudi kwindawo yokusebenza kwenkqubo esetyenziswa kwiitships zeBroadcom, nto leyo evumela ukuhlaselwa kwiindawo ezingasebenzisiyo. Linux (umzekelo, amathuba okuhlasela izixhobo ze-Apple aqinisekisiwe, ). Masikhumbule ukuba ezinye iichips ze-Broadcom Wi-Fi ziyiprosesa ekhethekileyo (i-ARM Cortex R4 okanye i-M3), eqhuba inkqubo efanayo yokusebenza kunye nokuphunyezwa kwe-802.11 stack wireless (FullMAC). Kwiichips ezinjalo, umqhubi uqinisekisa ukusebenzisana kwenkqubo ephambili kunye ne-Wi-Fi chip firmware. Ukufumana ulawulo olupheleleyo kwinkqubo ephambili emva kokuba i-FullMAC ithotyelwe, kucetywa ukuba kusetyenziswe ubuthathaka obongezelelweyo okanye, kwezinye iitshiphusi, uthathe ithuba lokufikelela ngokupheleleyo kwimemori yenkqubo. Kwiichips ezineSoftMAC, i-802.11 stack wireless iphunyezwa kwicala lomqhubi kwaye isetyenziswe kusetyenziswa inkqubo ye-CPU.
Ubuthathaka bomqhubi buchaphazela zombini umqhubi we-wl ozimeleyo (iSoftMAC kunye neFullMAC) kunye ne-brcmfmac evulelekileyo (iFullMAC). Kufunyenwe ukugcwala kwe-buffer ezimbini kwi-wl driver, zisetyenziswe xa indawo yokufikelela ithumela imiyalezo ye-EAPOL eyenziwe ngokukodwa ngexesha lokuxoxisana ngonxibelelwano (uhlaselo lunokwenziwa xa kuqhagamshelwa kwindawo yokufikelela enobungozi). Kwimeko ye-chip yeSoftMAC, ubuthathaka bukhokelela kwi-kernel compromise, ngelixa kwimeko yeFullMAC, ukuphunyezwa kwekhowudi kunokwenzeka kwi-firmware. Kwi-brcmfmac, kukho impazamo yokugcwala kwe-buffer kunye ne-frame validation, esetyenziswa ngokuthumela ii-control frames. Kwi-kernel Linux iingxaki ngomqhubi we-brcmfmac ngoFebruwari.
Ubuthathaka obuchongiweyo:
- I-CVE-2019-9503 - ukuziphatha okungalunganga komqhubi we-brcmfmac xa ukucubungula iifreyimu zokulawula ezisetyenziselwa ukusebenzisana ne-firmware. Ukuba isakhelo esinesiganeko se-firmware sivela kumthombo wangaphandle, umqhubi uyasilahla, kodwa ukuba isiganeko sifunyenwe ngebhasi yangaphakathi, isakhelo sinqanyuliwe. Ingxaki kukuba iziganeko ezivela kwizixhobo ezisebenzisa i-USB zihanjiswa ngebhasi yangaphakathi, evumela abahlaseli ukuba badlulisele ngempumelelo iifreyimu zokulawula i-firmware xa usebenzisa i-adapters ezingenazintambo nge-interface ye-USB;
- I-CVE-2019-9500 - Xa i-"Wake-up on Wireless LAN" inikwe amandla, kunokwenzeka ukuba kubangele ukuphuphuma kwemfumba kumqhubi we-brcmfmac (umsebenzi brcmf_wowl_nd_results) ngokuthumela isakhelo solawulo esilungisiweyo. Olu buthathaka lungasetyenziselwa ukuququzelela ukuphunyezwa kwekhowudi kwinkqubo ephambili emva kokuba i-chip ithotyelwe okanye idibaniswe ne-CVE-2019-9503 yengozi yokugqithisa ukuhlolwa kwimeko yokuthunyelwa kude kwesakhelo sokulawula;
- I-CVE-2019-9501 - i-buffer iphuphuma kumqhubi we-wl (umsebenzi we-wlc_wpa_sup_eapol) eyenzeka xa kusetyenzwa imiyalezo enomxholo wayo wecandelo lolwazi lomenzi udlula i-32 bytes;
- I-CVE-2019-9502 -I-buffer ephuphumayo kumqhubi we-wl (wrc_wpa_plumb_gtk umsebenzi) yenzeka xa kusetyenzwa imiyalezo enomxholo wayo wolwazi lomenzi udlula i-164 bytes.
umthombo: opennet.ru
