New NetCAT CPU side-channel vulnerability exploitable over the network
Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn’t need to have local access on the targeted machine because the attack works over the network.
The culprit is Intel’s Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor’s internal cache to achieve better performance, less power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck.
Source:: IT news – Security