
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.

Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff out sensitive data, such as someone’s SSH password, from Intel’s CPU cache.

Discovered by a team of security researchers from the Vrije University in Amsterdam, the vulnerability, tracked as CVE-2019-11184, resides in a performance optimisation feature called Intel’s DDIO—short for Data-Direct I/O—which by design grants network devices and other peripherals access to the CPU cache.

DDIO comes enabled by default on all Intel server-grade processors since 2012, including the Intel Xeon E5, E7 and SP families.

According to the researchers [paper], the NetCAT attack works similarly to Throwhammer, solely by sending specially crafted network packets to a targeted computer that has the Remote Direct Memory Access (RDMA) feature enabled.

RDMA enables attackers to spy on remote server-side peripherals such as network cards and observe the timing difference between a network packet that is served from the remote processor’s cache versus a packet served from memory.
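For defenders taking inventory, the two preconditions named above (a DDIO-era Xeon and RDMA enabled) can be checked per Linux host. The following is an added example, not code from the researchers or from Intel. The function names, the module list used to approximate "RDMA enabled", and the CPU model-name patterns are assumptions.

```python
import re

# Assumption: "RDMA enabled" is approximated by these Linux kernel modules
# being loaded (core verbs stack plus common NIC providers).
RDMA_MODULES = {"ib_core", "ib_uverbs", "rdma_cm", "rdma_ucm", "mlx4_ib", "mlx5_ib"}

# Assumption: coarse model-name patterns for the families the article lists
# (Xeon E5, E7, and SP, whose parts are branded Platinum/Gold/Silver/Bronze).
DDIO_FAMILY = re.compile(r"Xeon\(R\).*\b(?:E[57]-\d{4}|Platinum|Gold|Silver|Bronze)")


def cpu_models(cpuinfo_text):
    """Return the distinct 'model name' values from /proc/cpuinfo text."""
    models = set()
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "model name":
            models.add(value.strip())
    return models


def loaded_rdma_modules(modules_text):
    """Return the RDMA-related module names present in /proc/modules text."""
    loaded = {line.split()[0] for line in modules_text.splitlines() if line.strip()}
    return sorted(loaded & RDMA_MODULES)


def netcat_preconditions(cpuinfo_text, modules_text):
    """Report whether both preconditions from the article hold on a host."""
    ddio_cpu = any(DDIO_FAMILY.search(m) for m in cpu_models(cpuinfo_text))
    rdma = loaded_rdma_modules(modules_text)
    # Flag for review only when a listed CPU family and RDMA coincide.
    return {"ddio_family_cpu": ddio_cpu, "rdma_modules": rdma,
            "review": ddio_cpu and bool(rdma)}


# Constructed sample inputs (not captured from a real host).
SAMPLE_CPUINFO = "processor\t: 0\nmodel name\t: Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz\n"
SAMPLE_MODULES = ("mlx5_ib 385024 0 - Live 0x0\n"
                  "ib_core 368640 4 mlx5_ib, Live 0x0\n"
                  "ext4 737280 1 - Live 0x0\n")

if __name__ == "__main__":
    print(netcat_preconditions(SAMPLE_CPUINFO, SAMPLE_MODULES))
```

On a real host, pass the contents of `/proc/cpuinfo` and `/proc/modules`; a `review` result of `True` only means both conditions the article names are present, not that the host has been attacked.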
