Skip to main content

Intel CPU has loopholes? Xeon and other server CPUs may be threatened by NetCat

Researchers at the Vrije Universiteit Amsterdam published a report on this Wednesday (September 10), referring to a potential security vulnerability in Intel's server CPU, which they call NetCat.

The vulnerability relies on the two technologies of Intel server CPUs, Direct Data Transfer Technology (DDIO) and Remote Direct Data Access (RDMA). By launching a Side-channel attack, it can infer what the CPU is currently doing. According to researchers, AMD's CPU will not be affected by the vulnerability.

Intel stated in a security bulletin that NetCat affects server CPUs that support DDIO and RDMA, such as E5, E7, and expandable (SP) CPUs. A low-level problem of DDIO is the culprit of the side letter attack, and DDIO has been enabled by default on Xeon CPUs since 2012. A researcher at the Vrije Universiteit Amsterdam said that RDMA allows hackers to "precisely control the relative memory location of network packets on the target server."


NetCat can remotely leak keystrokes in SSH links

The researcher also said that the vulnerability also means that untrusted devices on the network can now leak sensitive information such as keystroke records in the secure shell protocol link (SSH session) through a remote server without obtaining local access rights. Currently, the only way to prevent these attacks is to completely shut down DDIO. As for turning off RDMA, although these attacks cannot be completely prevented, it is at least helpful for those who are unwilling to give up using DDIO.

Intel also stated in the same security bulletin that people using Xeon CPUs should "restrict the direct access to untrusted devices" and use "Constant-time style code software that can resist timing attacks." Module". Researchers at the Free University of Amsterdam said that these software modules are not able to resist NetCat, but theoretically they can prevent similar attacks in the future. So the best solution is still to turn off DDIO.

Researchers have reported the NetCat security vulnerabilities to Intel and the Dutch National Cyber ​​Security Center on June 23, and received bonuses for this. They also coordinated the publication time of the vulnerability with Intel.

Comments

Popular posts from this blog

AMD's GPU technology enters the mobile phone chip market for the first time

In addition to the release of the Exynos2100 processor, Samsung also confirmed a major event at this Exynos event, that is, the custom GPU that they have worked with AMD for many years will soon appear and will be used on the next flagship machine. The current Exynos2100 processor uses ARM’s Mali-G78GPU core with a total of 14 cores, so the GPU architecture developed by Samsung will be the next Exynos processor, and the GPU will be the focus. This is probably the meaning of Exynos2100’s GPU stacking. The key reason. Dr. InyupKang, president of Samsung’s LSI business, confirmed that the next-generation mobile GPU in cooperation with AMD will be used in the next flagship product, but he did not specify which product. Samsung is not talking about the next-generation flagship but the next one, so it is very likely that a new Exynos processor will be available this year, either for the GalaxyNote21 series or the new generation of folding screen GalaxyZFold3. In 2019, AMD and Samsung reached

Apple and Intel want to join the game, what happened to the GPU market?

Intel recently announced that it will launch Xe-LP GPU at the end of this year, officially entering the independent GPU market, and will hand over to TSMC for foundry. At the 2020 WWDC held not long ago, Apple also revealed that it is possible to abandon AMD's GPU and use a self-developed solution based on the ARM architecture. It will launch a self-developed GPU next year. What happened to the GPU market? Why are the giants entering the game?    Massive data calls for high-performance GPU    Why has the demand for GPUs increased so rapidly in recent years? Because we are entering an era where everything needs to be visualized. Dai Shuyu, a partner of Aiwa (Beijing) Technology Co., Ltd., told a reporter from China Electronics News that visualization requires a large amount of graphics and image computing capabilities, and a large amount of high-performance image processing capabilities are required for both the cloud and the edge.    Aiwa (Beijing) Technology Co., Ltd. is an enterp

NVIDIA officially launches RTX 30 series mobile graphics cards

In the early morning of January 13, NVIDIA officially launched the RTX30 series of mobile graphics cards at the CES2021 exhibition. Ampere-based GPUs have also reached the mobile terminal, mainly including RTX3080, RTX3070 and RTX3060 models. In addition to improving game performance, the RTX30 series of mobile graphics cards have twice the energy efficiency of the previous generation, and support the third-generation Max-Q technology, mainly supporting DynamicBoost2.0 dynamic acceleration technology, WisperMode2.0 noise control, ResizableBAR (similar to AMD’s SAM technology) and DLSS. The third-generation Max-Q technology uses AI and new system optimization to make high-performance gaming laptops faster and more powerful than ever. These technologies include: ·DynamicBoost2.0: The CPU and GPU powers of traditional gaming notebooks are fixed, while games and creative applications are dynamic, and the requirements for the system will vary with the number of frames. With DynamicBoost2.0,