
CVE-2019-11184

Published: 10 Sep 2019
Source: redhat
CVSS3: 2.3
EPSS: Low

Description

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

A flaw has been discovered in which an attacker can infer SSH keystrokes after a victim connects to a compromised host. The attacker must compromise a server that the victim is connecting to and be able to groom the CPU cache on the system prior to or while a connection is in progress. The attack uses RDMA to groom the cache, then measures cache access response times to make a statistically informed guess at the keystroke input. This flaw has been branded "NetCat".

Report

While the affected software can be run on a Red Hat Enterprise Linux server, this flaw is not created or solvable at the operating system level. Connecting to an untrusted or compromised host can lead to any information sent to it being stolen.

Mitigation

This particular attack requires the compromised server to use RDMA and an Intel Xeon CPU. The Intel Xeon CPU family has a specific feature (DDIO) that allows RDMA to use CPU internal cache to improve RDMA performance. The client connecting to the compromised server does not need to use RDMA or DDIO.

  • This attack is similar to connecting to any other compromised/untrusted host; any untrusted system could already log SSH input.
  • RDMA is designed to not require operating system interaction; its interactions are between the network card and system hardware. If this functionality is compromised, the operating system is unable to effect changes here. While this attack vector does seem unlikely, Red Hat recommends following Intel's instructions. Connecting to a compromised host is not recommended. Red Hat products can 'run' on the affected system, but the system design is not something that is solvable in Red Hat products.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 6 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Will not fix | | |
| Red Hat Enterprise MRG 2 | kernel-rt | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-341->CWE-642
https://bugzilla.redhat.com/show_bug.cgi?id=1752738 hardware: Side-channel cache attack against DDIO with RDMA

EPSS

Percentile: 41%
0.00192
Low

CVSS3

2.3 Low

Related vulnerabilities

CVSS3: 4.8
nvd
more than 6 years ago

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

CVSS3: 4.8
github
more than 3 years ago

A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.

CVSS3: 2.6
fstec
more than 6 years ago

A vulnerability in Intel processor firmware, caused by synchronization errors when using a shared resource, that allows an attacker to disclose protected information
