Kana dzikashandiswa, zvikanganiso izvi zvinogona kubvumira vanorwisa kuti vawane mukana usina mvumo kune ruzivo rwakadzama kana kuti kazhinji kukonzera matambudziko.
Svondo rapfuura, ARM yakazivisa ruzivo pamusoro pehutatu husina simba mumadhiraivha ako eGPU akashandiswa pa Android, ChromeOS uye Linux masisitimu uye nekudaro kusasimba kunobvumira mushandisi wemuno asina rusarura kuti aite kodhi yavo nekodzero dzekernel.
Nokuda kwayo Google inogadzirisawo chikamu chematambudziko ekuchengetedza mu Android uye taura vanorwisa vanga vachitoshandisa imwe yehutera (CVE-2023-4211) mumabasa ekuita kuita kwakanangwa kurwiswa kwerudzi rweZero Day. Semuyenzaniso, kusazvibata kunogona kushandiswa mumashandisirwo akashata anoparadzirwa kuburikidza nezvinopokana kuti uwane mukana wakazara kune sisitimu uye kuisa zvikamu zvinosora mushandisi.
Nezve kusasimba kwakawanikwa uye kwakambotaurwa, ndiko CVE-2023-4211, Kusagadzikana kunomuka kana uchiita zvisirizvo kushanda kweGPU ndangariro, iyo zvinogona kuguma nekuwana yakatosunungurwa system memory, iyo inogona kushandiswa mamwe mabasa ari kushanda mukernel. Iwo ari munjodzi maGPU modhi anoshandiswa muma smartphones Google Pixel 7, Samsung S20 uye S21, Motorola Edge 40, OnePlus Nord 2, Asus ROG Runhare 6, Redmi Note 11, 12, Honor 70 Pro, RealMe GT, Xiaomi 12 Pro, Oppo Tsvaga X5. Pro, Reno 8 Pro uye mimwe michina ine Mediatek chips.
Ongororo yehukukutu hunobva pamhedzisiro inogona kuve nekushandisa njodzi pamudziyo wakakanganisika, tichifungidzira kuti puratifomu uye kuderedzwa kwesevhisi kwakavharwa nekuda kwezvinangwa zvekusimudzira kana kudarikwa zvakabudirira.
Kune chikamu che mhinduro yekusagadzikana, inotaurwa kuti yakagoverwa mune r43p0 mutyairi gadziriso yeMali GPUs yakavakirwa paBifrost neValhall microarchitectures, pamwe neyechishanu chizvarwa ARM GPUs. Hapana zvigadziriso zvemutyairi zvakaburitswa Midgard mhuri GPUs. Iyo gadziriso inopihwa zvakare sechikamu cheSeptember inogadziridza kune ese aripo anotsigirwa mapazi eChrome OS uye muna Gumiguru Android update.
Imwe njodzi izvo zvakazarurwa ndizvo CVE-2023-33200 uye izvo inomuka mukukanganisa kweGPU mashandiro vanogona kukonzera nhangemutange mamiriro uye kuwana ndangariro yakatosunungurwa nemutungamiriri. Kusagadzikana kwakagadziriswa mukugadziridza mutyairi r44p1 uye r45p0 yeMali GPUs yakavakirwa paBifrost neValhall microarchitectures, pamwe nechizvarwa chechishanu ARM GPUs.
Chekupedzisira yekusagadzikana kwataurwa ndeye CVE-2023-34970 uye iyo inomuka mukukanganisa kweGPU mashandiro vanogona kukonzera kuti buffer ifashuke uye kunze-kwe-yekumisikidza ndangariro kuwana. Kusagadzikana kwakagadziriswa mukugadziridza mutyairi r44p1 uye r45p0 yeMali GPUs yakavakirwa paValhall microarchitecture uye XNUMXth chizvarwa ARM GPUs.
Chekupedzisira asi chisiri chidiki, sezvatotaurwa pamusoro apa, Google yakazivisawo ruzivo pamusoro pehutera hwakasiyana uye mumushumo wayo waGumiguru uye umo yakataura nezvekusagadzikana kwe53, idzo 5 kusadzivirirwa kwakapihwa nhanho yakakosha uye vamwe vese vakapihwa yakakwira ngozi. Nyaya dzakakomba dzinokutendera kuti utange kurwisa kure kuti uite kodhi yako pane system.
Kune chikamu chematambudziko akaiswa seane ngozi, anotaurwa kuti aya anobvumira kodhi kuti iite mumamiriro ezvinhu akasarudzika nzira nekushandisa zvikumbiro zvemuno. Nyaya nhatu dzakakomba (CVE-2023-24855, CVE-2023-28540, uye CVE-2023-33028) dzakaonekwa mune zvemhando yeQualcomm zvikamu uye zviviri (CVE-2023-40129, CVE-2023-4863) muhurongwa (in libwebp) uye Bluetooth bhatiri).
Pakazara, 5 kusasimba kwakaonekwa muArM, MediaTek, Unisoc uye Qualcomm zvikamu uye zvazvo zvakakodzera kuti titaure kuti vanorwisa vatoshandisa kusagadzikana kuviri (imwe muARM GPU uye imwe mu libwebp) muzero zuva rekushandisa.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu inotevera chinongedzo.