Researchers at Vrije University in Amsterdam revealed on Wednesday that Intel's server-grade processors suffer from a vulnerability, which they dubbed NetCAT. The vulnerability enables a side-channel attack that can infer what a CPU is working on and is said to rely on issues with two Intel technologies found primarily in the Xeon CPU line: Data-Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). According to the researchers, AMD chips aren't impacted by the bug.
Intel said in a security bulletin that NetCAT affects Xeon E5, E7 and SP processors that support DDIO and RDMA. An underlying issue with DDIO--which has been enabled in Xeon processors by default since 2012--is what enables the side-channel attacks. Vrije University's researchers said that RDMA allows their exploit to "surgically control the relative memory location of network packets on the target server."
According to the researchers, the vulnerability means that untrusted devices on a network "can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access." Right now the only way to defend against these attacks would be to disable DDIO entirely, but the researchers said disabling RDMA could help, at least a little bit, for anyone unwilling to give up DDIO in their servers.
Intel said in its bulletin that Xeon users should "limit direct access from untrusted networks" and use "software modules resistant to timing attacks, using constant-time style code." The Vrije University researchers said those software modules wouldn't actually defend against NetCAT, however, and would only theoretically help with similar exploits in the future. So the most secure option remains disablement.
Vrije University's researchers disclosed NetCAT to Intel and the Dutch National Cyber Security Centre on June 23. They received a bounty for their report (they didn't specify the amount) and coordinated the vulnerability's disclosure with Intel. More information about NetCAT is available via this research paper; it's also been assigned the CVE identifier of CVE-2019-11184.