Vulnerabilities in drivers for Broadcom WiFi chips that allow remote attacks on the system

Four vulnerabilities have been disclosed in the drivers for Broadcom wireless chips. In the simplest case, the vulnerabilities can be used to cause a remote denial of service, but scenarios cannot be ruled out in which an exploit can be developed that lets an unauthenticated attacker execute their own code with Linux kernel privileges by sending specially crafted packets.

The problems were identified by reverse engineering the Broadcom firmware. The affected chips are widely used in laptops, smartphones and a variety of consumer devices, from SmartTVs to Internet of Things devices. In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung and Huawei. It is notable that Broadcom was notified of the vulnerabilities back in September 2018, but it took about 7 months to release fixes in coordination with equipment manufacturers.

Two of the vulnerabilities affect the internal firmware and may allow code to be executed in the environment of the operating system used on Broadcom chips, which makes it possible to attack environments that do not use Linux (for example, the possibility of attacking Apple devices has been confirmed, CVE-2019-8564). Recall that some Broadcom Wi-Fi chips are a specialized processor (ARM Cortex R4 or M3) that runs a kind of operating system with its own implementation of the 802.11 wireless stack (FullMAC). On such chips, the driver handles the interaction between the main system and the Wi-Fi chip firmware. To gain full control over the main system after FullMAC has been compromised, it is proposed to use additional vulnerabilities or, on some chips, to take advantage of full access to system memory. On chips with SoftMAC, the 802.11 wireless stack is implemented on the driver side and runs on the system CPU.

The driver vulnerabilities appear both in the proprietary wl driver (SoftMAC and FullMAC) and in the open-source brcmfmac driver (FullMAC). Buffer overflows were found in the wl driver; they are exploited when an access point sends specially formatted EAPOL messages during the connection negotiation process (the attack can be carried out when connecting to a malicious access point). On a chip with SoftMAC, the vulnerabilities lead to compromise of the system kernel, and in the FullMAC case the code can be executed on the firmware side. brcmfmac contains a buffer overflow and a frame-checking error, both exploited by sending control frames. The problems in the brcmfmac driver in the Linux kernel were fixed in February.

Identified vulnerabilities:

  • CVE-2019-9503 - incorrect behaviour of the brcmfmac driver when processing control frames used to communicate with the firmware. If a frame carrying a firmware event comes from an external source, the driver discards it, but if the event is received over the internal bus, the frame is let through. The problem is that events from devices that use USB are delivered over the internal bus, which allows attackers to successfully deliver firmware control frames when wireless adapters with a USB interface are in use;
  • CVE-2019-9500 - when the "Wake-up on Wireless LAN" feature is enabled, a heap overflow can be triggered in the brcmfmac driver (function brcmf_wowl_nd_results) by sending a specially modified control frame. This vulnerability can be used to achieve code execution on the main system after the chip has been compromised, or in combination with CVE-2019-9503 to bypass the checks when a control frame is delivered remotely;
  • CVE-2019-9501 - a buffer overflow in the wl driver (function wlc_wpa_sup_eapol) that occurs when processing messages in which the content of the vendor information field exceeds 32 bytes;
  • CVE-2019-9502 - a buffer overflow in the wl driver (function wlc_wpa_plumb_gtk) that occurs when processing messages in which the content of the vendor information field exceeds 164 bytes.
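
The last two items describe the same defect class: a length taken from the peer's message is used to copy into a fixed-size buffer (32 or 164 bytes). The following is an added illustration of the missing check, not code from the wl or brcmfmac drivers; the function names and the (id, len, data) element layout with ID 0xDD are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VENDOR_ELEM_ID 0xDD   /* 802.11 vendor-specific element ID */

/* Walk (id, len, data) elements and copy the first vendor element's data
 * into dst. Returns bytes copied, or a negative value on malformed or
 * oversized input. Hypothetical helper, written for this illustration. */
int copy_vendor_field(const uint8_t *buf, size_t buf_len,
                      uint8_t *dst, size_t dst_cap)
{
    size_t off = 0;

    while (buf_len - off >= 2) {             /* room for id + len header */
        uint8_t id  = buf[off];
        size_t  len = buf[off + 1];

        if (len > buf_len - off - 2)         /* element runs past the input */
            return -1;
        if (id == VENDOR_ELEM_ID) {
            /* len is chosen by the sender, dst_cap by the receiver.
             * Without this comparison the memcpy below overflows dst. */
            if (len > dst_cap)
                return -2;
            memcpy(dst, buf + off + 2, len);
            return (int)len;
        }
        off += 2 + len;                      /* skip unrelated element */
    }
    return -3;                               /* no vendor element present */
}

/* Build a constructed sample element and parse it (demo harness only). */
int run_sample(uint8_t claimed_len, size_t present_len, size_t dst_cap)
{
    uint8_t frame[2 + 255] = { VENDOR_ELEM_ID, claimed_len };
    uint8_t dst[164];

    if (present_len > 255 || dst_cap > sizeof dst)
        return -4;
    memset(frame + 2, 0x41, present_len);    /* constructed filler bytes */
    return copy_vendor_field(frame, 2 + present_len, dst, dst_cap);
}

int main(void)
{
    printf("%d %d\n", run_sample(32, 32, 32), run_sample(33, 33, 32));
    return 0;
}
```

Both limits from the list (32 and 164 bytes) are exercised through the same function by changing only `dst_cap`; a claimed length larger than the bytes actually received is rejected separately from one that exceeds the destination.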

Source: opennet.ru