Ukuba zixhatshaziwe, ezi ziphene zinokuvumela abahlaseli ukuba bafumane ukufikelela okungagunyaziswanga kulwazi olubuthathaka okanye ngokubanzi babangele iingxaki.
Kwiveki ephelileyo, i-ARM ibhengeze ulwazi malunga nobuthathaka obuthathu kubaqhubi bakho beGPU abasetyenzisiweyo kwiinkqubo ze-Android, ChromeOS kunye neLinux kwaye ngenxa yoko ubuthathaka buvumela umsebenzisi wasekhaya ongenanto ukuba aphumeze ikhowudi yakhe ngamalungelo e-kernel.
Ngenxalenye yalo UGoogle ukwajongana nenxalenye yeengxaki zokhuseleko kwi-Android kwaye khankanya abahlaseli sele bexhaphaza omnye wobuthathaka (CVE-2023-4211) kwizenzo ezisebenzayo zokuqhuba uhlaselo olujoliswe kuyo lohlobo lweZero Day. Umzekelo, ukuba sesichengeni kungasetyenziswa kwiinkqubo ezinobungozi ezisasazwa ngemithombo ethandabuzekayo ukufumana ufikelelo olupheleleyo kwisistim kunye nokuhlohla izixhobo ezihlola umsebenzisi.
Ngokumalunga nobuthathaka obufunyenweyo kwaye obusele bukhankanyiwe, bubu ICVE-2023-4211, Ubuthathaka buvela xa kusenziwa umsebenzi ongalunganga wememori ye-GPU, leyo kunokukhokelela ekufikeleleni kwimemori yenkqubo esele ikhululwe, enokusetyenziswa ngelixa eminye imisebenzi isebenza kwi kernel. Iimodeli zeGPU ezisesichengeni zisetyenziswa kwii-smartphones zikaGoogle Pixel 7, Samsung S20 kunye neS21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Phone 6, Redmi Note 11, 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Fumana X5. Pro, Reno 8 Pro kunye nezinye izixhobo ezineetshiphusi zeMediatek.
Uvavanyo lobukhali lusekwe kwisiphumo sokuxhaphaza ukuba sesichengeni kunokubakho kwisixhobo esichaphazelekayo, kucingelwa ukuba iqonga kunye nonciphiso lwenkonzo luvaliwe ngeenjongo zophuhliso okanye lugqithwe ngempumelelo.
Kwicala le isisombululo sokuba sesichengeni, kukhankanyiwe ukuba sasasazwa kuhlaziyo lomqhubi we-r43p0 weMali GPUs esekwe kwiBifrost kunye neValhall microarchitectures, kunye nakwisizukulwana sesi-XNUMX se-ARM GPU. Akukho luhlaziyo lomqhubi olukhutshiweyo kwi-GPU yosapho lwaseMidgard. Ulungiso lukwabonelelwa njengenxalenye yohlaziyo lukaSeptemba kuwo onke amasebe akhoyo axhaswayo e-Chrome OS kunye nohlaziyo luka-Okthobha lwe-Android.
Olunye ubungozi oko kwatyhilwa I-CVE-2023-33200 kwaye yintoni ivela kwimisebenzi ye-GPU engalunganga banokubangela imeko yogqatso kunye nokufikelela kwimemori esele ikhululwe ngumlawuli. Ukuba sesichengeni kwalungiswa kuhlaziyo lwabaqhubi i-r44p1 kunye ne-r45p0 ye-Mali GPUs esekwe kwi-Bifrost kunye ne-Valhall microarchitectures, kunye ne-ARM GPU yesizukulwana sesihlanu.
Okokugqibela Ubuthathaka obukhankanyiweyo yi-CVE-2023-34970 kwaye yeyiphi ivela kwimisebenzi ye-GPU engalunganga zinokubangela ukuphuphuma kwesikhuseli kunye nofikelelo lwememori oluphuma ngaphandle kwemida. Ukuba sesichengeni kwalungiswa kuhlaziyo lwabaqhubi i-r44p1 kunye ne-r45p0 ye-Mali GPUs esekwe kwi-Valhall microarchitecture kunye ne-XNUMXth yesizukulwana se-ARM GPUs.
Okokugqibela, njengoko sele kukhankanyiwe ngasentla, UGoogle naye wabhengeza ulwazi malunga nobuthathaka obahlukeneyo kunye kwingxelo ka-Oktobha nalapho ikhankanye ubuthathaka obungama-53, apho ubuthathaka obu-5 banikwa inqanaba lengozi ebalulekileyo kwaye abanye babelwa kwinqanaba lengozi ephezulu. Imiba ebalulekileyo ikuvumela ukuba uqalise uhlaselo olukude ukwenza ikhowudi yakho kwisistim.
Ngenxalenye yeengxaki eziphawulwe njengengozi, zikhankanywa ukuba ezi zivumela ikhowudi ukuba iqhutywe kumxholo wenkqubo enelungelo ngokuxhaphaza izicelo zendawo. Imiba emithathu ebalulekileyo (i-CVE-2023-24855, i-CVE-2023-28540, kunye ne-CVE-2023-33028) ichongiwe kumacandelo e-Qualcomm yobunikazi kunye neembini (CVE-2023-40129, CVE-2023-4863) kwinkqubo (kwi-libwebp) kunye nebhetri yeBluetooth).
Lilonke, ubuthathaka obu-5 ichongiwe kwi-ARM, iMediaTek, i-Unisoc kunye ne-Qualcomm kwaye kufanelekile ukukhankanya ukuba abahlaseli sele besebenzisa ubuthathaka obubini (enye kwii-ARM GPUs kunye nenye kwi-libwebp) kwimisebenzi yabo yosuku lwe-zero.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungazijonga iinkcukacha kwi ukulandela ikhonkco.