Xeon and Other Intel CPUs Hit by NetCAT Security Vulnerability, AMD Not Impacted

Credit: ShutterstockCredit: ShutterstockResearchers at Vrije University in Amsterdam revealed on Wednesday that Intel's server-grade processors suffer from a vulnerability, which they dubbed NetCAT. The vulnerability enables a side-channel attack that can infer what a CPU is working on and is said to rely on issues with two Intel technologies found primarily in the Xeon CPU line: Data-Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). According to the researchers, AMD chips aren't impacted by the bug.

Intel said in a security bulletin that NetCAT affects Xeon E5, E7 and SP processors that support DDIO and RDMA. An underlying issue with DDIO--which has been enabled in Xeon processors by default since 2012--is what enables the side-channel attacks. Vrije University's researchers said that RDMA allows their exploit to "surgically control the relative memory location of network packets on the target server."

NetCAT remotely leaking keystrokes from a victim SSH session

According to the researchers, the vulnerability means that untrusted devices on a network "can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access." Right now the only way to defend against these attacks would be to disable DDIO entirely, but the researchers said disabling RDMA could help, at least a little bit, for anyone unwilling to give up DDIO in their servers.

Intel said in its bulletin that Xeon users should "limit direct access from untrusted networks" and use "software modules resistant to timing attacks, using constant-time style code." The Vrije University researchers said those software modules wouldn't actually defend against NetCAT, however, and would only theoretically help with similar exploits in the future. So the most secure option remains disablement.

Vrije University's researchers disclosed NetCAT to Intel and the Dutch National Cyber Security Centre on June 23. They received a bounty for their report (they didn't specify the amount) and coordinated the vulnerability's disclosure with Intel. More information about NetCAT is available via this research paper; it's also been assigned the CVE identifier of CVE-2019-11184.

    Your comment
  • Metal Messiah.
    Thank heavens, AMD CPUs are safe for now.
  • PC Tailor
    Thank heavens, AMD CPUs are safe for now.

    You say that, they also have security flaws.

    However I always take this with a bit of a pinch of salt, as ultimately, these flaws are being discovered by people being paid to find these flaws, and Intel still currently hold the mass market share, especially in commercial / business industry. So ultimately, its where you'd direct all of the funding and research of cyber security.

    You'd also be directing a lot of that work into the working industry, which are still predominantly Intel.

    I believe AMD will also have it's series of flaws, just there is less focus to find them. Not to say there is no focus, but less.
  • Metal Messiah.
    Yeah, obviously I know AMD CPUs also have security flaws. I was just referring specifically to this NetCAT vulnerability.