Intel CPUs Vulnerable to NetCAT Attack, Which Can Leak Data Remotely.
The vulnerability affects Intel products including the Intel Xeon E5, E7 and SP families that support DDIO and RDMA.
Security researchers from VUSec, the systems and network security group at VU Amsterdam (Vrije Universiteit), present the first security analysis of DDIO.
What is DDIO?
Data-Direct I/O (DDIO) is a performance-enhancing technology on recent Intel server-grade processors. Instead of reading/writing from/to slow memory, DDIO allows peripherals to read/write from/to the fast (last-level) cache. DDIO was specifically introduced to improve the performance of server applications in fast networks.
“The first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of an SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server,” said VUSec researchers.
Intel released a security advisory, which reads:
A potential security vulnerability in some microprocessors with Intel® Data Direct I/O Technology (Intel® DDIO) and Remote Direct Memory Access (RDMA) may allow partial information disclosure via adjacent access.
Description: A race condition in specific microprocessors using Intel® DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
CVSS Base Score: 2.6 Low
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected products: Intel® Xeon® E5, E7 and SP families that support DDIO and RDMA.
Partial information potentially disclosed through exploitation of this vulnerability could be utilized to enhance unrelated attack methods. For published exploits that Intel is aware of, Intel recommends users follow existing best practices including:
Where DDIO and RDMA are enabled, limit direct access from untrusted networks.
The use of software modules resistant to timing attacks, using constant-time style code.
Intel would like to thank Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi from VU Amsterdam for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.