NetCAT: CPU Vulnerability Affects Intel's Server Processors

Researchers at the Vrije University of Amsterdam have developed another side-channel attack on Intel processors, which affects the server CPUs since the Sandy Bridge EP generation (Xeon E5-2600 / 2400) from 2012.

NetCAT, short for Network Cache ATtack, with the CVE number CVE-2019-11184 Leverages the Data-Direct I / O (DDIO) feature, where network controllers write data directly to the fast L3 cache of Intel processors. The feature speeds up network-heavy applications where memory would otherwise be limited.

NetCAT is similar to the publicized in May 2019 security vulnerability ZombieLoad, which is also tailored to Intel and represents a side channel attack. Because it is an Intel feature, AMD and other chip makers are not affected by NetCAT.

Attackers discover an infected system within a network when network data is written to the L3 cache of a CPU via DDIO. The content can not be read by attackers, but the time intervals of the write commands.

In an SSH session, conclusions can be drawn on the written text: Each keystroke sends a network packet. Software can analyze the writing behavior of the user and determine the position of the key and thus the letters over the time intervals between the inputs.

The Remote Direct Memory Access (RDMA) CPU feature allows processors within a network to share memory access, allowing an infected system to attack all CPUs within a network.

The VUSec research team made Intel aware of the vulnerability in June 2019. Intel classifies the security risk as low (CVSS score 2.6). Opposite the website ZDNet The chipmaker claims that attackers typically do not have direct access from an untrusted network.

Intel recommends that server operators restrict access rights within the network or disable the DDIO and RDMA features.


. (TagsToTranslate) Intel (t) processors (t) side channel (t) Security (t) vulnerabilities (t) Xeon