Broadcom WiFi chip bugs allow remote attacks


A few days ago, news broke that four vulnerabilities had been found in the drivers and firmware of Broadcom wireless chips, allowing remote attacks against devices that use these chips.

In the simplest case, the vulnerabilities can be used for a remote denial of service, but scenarios are not ruled out in which they let an unauthenticated attacker execute their own code with Linux kernel privileges by sending specially crafted packets.

These problems were identified during reverse engineering of the Broadcom firmware. The affected chips are widely used in laptops, smartphones, and a variety of consumer equipment, from SmartTVs to IoT devices.

In particular, Broadcom chips are used in smartphones from manufacturers such as Apple, Samsung, and Huawei.

It should be noted that Broadcom was notified of the vulnerabilities in September 2018, but it took about seven months (in other words, until this month) to begin releasing fixes coordinated with equipment manufacturers.

What vulnerabilities were found?

Two of the vulnerabilities affect the chip's internal firmware and potentially allow code execution inside the operating-system environment that runs on the Broadcom chip itself.

This makes it possible to attack non-Linux environments as well (for example, attacks on Apple devices are possible; CVE-2019-8564 has been confirmed).

Here it is important to stress that some Broadcom Wi-Fi chips contain a dedicated processor (an ARM Cortex R4 or M3) that runs its own operating system with an implementation of the 802.11 wireless stack (FullMAC).

On such chips, the driver provides the interaction between the host system and the Wi-Fi chip's firmware.

In the attack scenario described:

To obtain full control of the host system after the FullMAC firmware has been compromised, the researchers propose chaining additional vulnerabilities or, on some chips, using the firmware's full access to system memory.

On SoftMAC chips, the 802.11 wireless stack is implemented on the driver side and executed by the system's CPU.

On the driver side, the vulnerabilities appear both in the proprietary wl driver (SoftMAC and FullMAC) and in the open-source brcmfmac driver (FullMAC).

In the wl driver, two buffer overflows were found that can be exploited when the access point sends specially crafted EAPOL messages during the connection negotiation process (the attack can be carried out by connecting the victim to a malicious access point).

In the case of a SoftMAC chip, the vulnerabilities lead to compromise of the system kernel; in the FullMAC case, the attacker's code can run on the firmware side.

In brcmfmac, there is a buffer overflow and an error in the validation of processed frames, both exploitable by sending control frames. In the Linux kernel, the problems in the brcmfmac driver were fixed in February.

Identified vulnerabilities

The four vulnerabilities, reported in September of last year, have been catalogued under the following CVE identifiers.


CVE-2019-9503

Incorrect behaviour of the brcmfmac driver when processing control frames used for interaction with the firmware.

If a frame carrying a firmware event arrives from an external source, the driver discards it, but if the event is received over the internal bus, the frame is let through.

The problem is that on devices connected over USB, events are delivered over the internal bus, which lets attackers successfully deliver firmware control frames when USB wireless adapters are in use.

CVE-2019-9500

When the "Wake-up on Wireless LAN" feature is enabled, a heap overflow can be triggered in the brcmfmac driver (function brcmf_wowl_nd_result) by sending a specially crafted control frame.

This vulnerability can be used to achieve code execution on the host after the chip itself has been compromised, or in combination with the previous vulnerability (CVE-2019-9503).

CVE-2019-9501

A buffer overflow in the wl driver (function wlc_wpa_sup_eapol), occurring while processing messages whose vendor information field exceeds 32 bytes.

CVE-2019-9502

A buffer overflow in the wl driver (function wlc_wpa_plumb_gtk), occurring while processing messages whose vendor information field exceeds 164 bytes.

Source: https://blog.quarkslab.com

