DDIO, or Direct Data I/O, is an Intel-exclusive performance feature that allows NICs to directly access a processor's L3 cache, bypassing the server's RAM completely, to increase NIC performance and reduce latency. Cybersecurity researchers from the Vrije Universiteit Amsterdam and ETH Zurich discovered a critical vulnerability in DDIO, described in a research article published on Tuesday, that allows compromised servers in a network to steal data from any other machine on their local network.
This includes the ability to obtain keystrokes and other confidential data that flow through the memory of vulnerable servers. The effect is aggravated in data centers that have not only DDIO but also RDMA (remote direct memory access) enabled, in which a single server can compromise a complete network. RDMA is a key ingredient for improving performance in HPC and supercomputing environments.
In its initial response, Intel asked customers to disable DDIO and RDMA on machines with access to untrusted networks while it works on patches.
The NetCAT vulnerability is a big problem for web hosting providers. If a hacker rents a server in a data center with RDMA and DDIO enabled, they can compromise other clients' servers and steal their data.
The team also posted an informative video about the nature of NetCAT. AMD EPYC processors do not support DDIO.
NetCAT remotely leaking keystrokes from a victim SSH session