Uma exhashazwa, lawa maphutha angavumela abahlaseli ukuthi bathole ukufinyelela okungagunyaziwe kulwazi olubucayi noma ngokuvamile babangele izinkinga.
Lezi zindaba zimenyezelwe muva nje ngabathuthukisi bephrojekthi ye-GrapheneOS, mayelana ne-vkutholwe ubungozi ku-Android 14 kusitaki se-Bluetooth LE, iphutha kungenxa yenkohlakalo yenkumbulo eyethulwe ku-Android 14 QPR2.
Kulabo abangazi nge-GrapheneOS, kufanele wazi ukuthi lena iphrojekthi ethuthukisa inguqulo evikelekile yesisekelo sekhodi ye-AOSP, futhi yibona abathole ubungozi kusitaki se-Bluetooth se-Android 14 abathi singaxhashazwa. futhi ivumela ukuthi iholele ekusebenzeni kwekhodi ekude.
Mayelana nokuba sengozini, Onjiniyela be-GrapheneOS basho ukuthi lokhu kusuka ekufinyeleleni endaweni yenkumbulo ekhululwe ngaphambilini, eyaziwa ngokuthi “use-after-free.” Inkinga ilele kukhodi enesibopho sokucubungula umsindo othunyelwa nge-Bluetooth LE.
Usekelo lwethu lokumaka imemori yehadiwe ye-Pixel 8 ne-Pixel 8 Pro ithole iphutha lenkohlakalo lememori elethulwe ku-Android 14 QPR2 ye-Bluetooth LE. Okwamanje sisaphenya ukuze sinqume ukuthi singasilungisa kanjani noma sikhubaze okwesikhashana isici esisanda kwethulwa njengendlela yokusingatha izinkinga.
Ukuhlonzwa kwalobu bungozi ngenxa yengxenye yokuqaliswa kokuvikela okwengeziwe kusetshenziswa umsebenzi onzima_we-malloc, esebenzisa isandiso se-ARMv8.5 MTE. Lesi sandiso sikuvumela ukuthi unikeze amalebula kumsebenzi ngamunye wokwabiwa kwenkumbulo futhi wenze ukuhlola ukuze uqinisekise ukusetshenziswa okufanele kwezikhombisi, ngaleyo ndlela ugweme ukuxhashazwa kobuthakathaka obuhlobene nokufinyelela kumemori ekhululiwe, ukuchichima kwe-buffer, izingcingo zemisebenzi ngaphambi kokuqaliswa kwazo nokusebenzisa ngaphandle kwamanje. umongo.
Leli phutha liqale ukuvela ngemuva kokubuyekeza ku-Android 14 QPR2 (inguqulo yesikhulumi sekota), yethulwe ekuqaleni kukaMashi. Ekukhululweni okuyisisekelo kwekhodi ye-Android 14, ukusebenza kwe-MTE kuyatholakala njengenketho kodwa akukanikwa amandla ngokuzenzakalela.
Nokho, ku-GrapheneOS, ukuvikelwa kwe-MTE kwenziwe kwasebenza ukuze kunikeze isendlalelo esengeziwe sokuphepha, esivumele isiphazamisi ukuthi sibonakale ngemva kokubuyekezwa ku-Android 14 QPR2. Lesi siphazamisi sibangele ukuphahlazeka lapho kusetshenziswa amahedfoni e-Bluetooth e-Samsung Galaxy Buds2 Pro nge-firmware evumela ukuvikelwa okusekelwe ku-MTE. Ukuhlaziywa okulandelayo kwesigameko iveze ukuthi inkinga ibihlobene nokufinyelela kwememori ekhululiwe kumshayeli we-Bluetooth LE, futhi akuzange kubangelwe ukuhlanganiswa komsebenzi we-MTE ngokwawo.
Ngasohlangothini lwezixazululo ezingenzeka ekubeni sengozini, abathuthukisi be-GrapheneOS Basho ukuthi ukukhubaza ukumaka inkumbulo kule nqubo akusona isixazululo enye indlela eyamukelekayo ngisho nangesikhathi esifushane ngoba iyindawo ebalulekile yokuhlasela, kungakhathaliseki ukuthi lesi siphazamisi siyasebenziseka noma cha. Lokhu kwenzeka kuphela kumadivayisi athile e-Bluetooth LE, hhayi wonke amadivaysi e-Bluetooth.
Ukuba sengozini okukhulunywe ngakho ixazululiwe ku la Inguqulo ye-GrapheneOS 2024030900. Okubalulekile, lobu bungozi buthinta izinguqulo ze-smartphone ezingenakho ukuvikeleka okwengeziwe kwezingxenyekazi zekhompuyutha ngokusekelwe kusandiso se-MTE. Okwamanje, isandiso se-MTE sinikwe amandla kuphela kumadivayisi e-Pixel 8 ne-Pixel 8 Pro.
Senze isiqeshana sesiphazamisi se-Android 2 QPR14 esisebenzise ngemva kokukhishwa esisitholile nge-Bluetooth LE. Okubalulekile kwethu ukukhipha inguqulo ye-GrapheneOS esizoyilungisa maduze futhi sizoyibika njengesiphazamisi sokuvikela se-Android. Lokhu kufanele futhi kuxazulule ukuhlehla komsindo we-BLE.
Ukuba sengozini kubonwe kuma-smartphones e-Google Pixel 8 ane-firmware esekelwe ku-Android 14 QPR2. Kumadivayisi ochungechunge lwe-Pixel 8, kungenzeka ukunika amandla imodi ye-MTE kuzilungiselelo zonjiniyela. Lokhu kungenziwa ngokuya kokuthi “Izilungiselelo/Isistimu/Izinketho Zonjiniyela/Izandiso Zokulebula Kwenkumbulo”. Kubalulekile ukuqaphela ukuthi ukunika amandla i-MTE kuphumela ekwenyukeni kokusetshenziswa kwememori okucishe kube ngu-3%, kodwa akuthinti ukusebenza kwedivayisi.
Ekugcineni yebo unentshisekelo yokwazi okwengeziwe ngayo, ungabheka ifayela le- imininingwane kusixhumanisi esilandelayo.