Severity

Medium

Analysis Summary

A side-channel vulnerability has been discovered in Intel Server CPUs that exploits the network performance-enhancing capabilities of recent Intel server CPUs. The vulnerability is named NetCat and uses these network performance-enhancing capabilities to potentially leak information transmitted during an SSH-protected session. It takes advantage of Data-Direct I/O (DDIO), a feature of recent Intel server-grade CPUs that allows peripherals to read/write from/to the fast (last-level) cache. It was introduced to improve performance of servers in high-speed network environments.

Using this vulnerability, an attacker on a remote system can, by merely sending packets to the targeted server, get information on the arrival timing of packets sent by a third system. After processing that information with statistical routines, an accurate decoding of text being typed on the third system can be created.

Impact

Sensitive Data Leakage

Affected Vendors

Intel

Affected Products

Intel Server CPUs

Remediation

• Intel recommends that customers should disable DDIO, which is enabled by default.
• Users should limit direct access from untrusted networks when DDIO & RDMA are enabled.