A flaw called "NetCat" has been reported (not to be confused with netcat, the networking utility of the same name: https://en.wikipedia.org/wiki/Netcat). It outlines a situation in which an attacker can use statistical measurements on a system where the attacker is able to groom the system's CPU cache remotely using RDMA and DDIO (usually Xeon CPUs). Once groomed, the cache access timing can be measured to predict keystroke inputs, using statistical timing models to correctly guess keyboard input.

This requires an attacker to have advanced privileges on the system which the target is connecting to (with RDMA); the target system does not require RDMA.

While this attack vector does seem unlikely, Red Hat recommends following Intel's instructions. Connecting to a compromised host is not recommended. RDMA requires specialized hardware and is not expected to be accessible across a public network. Red Hat recommends that RDMA configurations be on a private network with tightly controlled access control lists and monitoring.

Intel advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
Intel overview: https://software.intel.com/security-software-guidance/insights/more-information-netcat
This flaw is rated as low for a number of reasons. The data captured is keystrokes, not password data on the initial connection. This configuration is no different than connecting to any other compromised server that has malicious intent...
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11184
Statement: While the affected software can be run on a Red Hat Enterprise Linux server, this flaw is not created or solvable at the operating system level. Connecting to an untrusted or compromised host can lead to any information sent to it being stolen.
External References:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
https://software.intel.com/security-software-guidance/insights/more-information-netcat
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
Mitigation: This particular attack requires the compromised server to use RDMA and an Intel Xeon CPU. The Intel Xeon CPU family has a specific feature (DDIO) that allows RDMA to use the CPU's internal cache to improve RDMA performance. The client connecting to the compromised server does not need to use RDMA or DDIO.

- This attack is similar to connecting to any other compromised/untrusted host; any untrusted system could already log SSH input.
- RDMA is designed to not require operating system interaction; its interactions are between the network card and system hardware. If this functionality is compromised, the operating system is unable to effect changes here.

While this attack vector does seem unlikely, Red Hat recommends following Intel's instructions. Connecting to a compromised host is not recommended. Red Hat products can 'run' on the affected system, but the system design is not something that is solvable in Red Hat products.
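
The mitigation text names two server-side preconditions, RDMA and an Intel Xeon CPU. The following inventory check is an added example, not Red Hat's or Intel's code; it assumes a Linux host where the kernel lists RDMA devices under /sys/class/infiniband, and the function name `netcat_preconditions` is hypothetical.

```shell
#!/bin/sh
# Added example: flag hosts that have both preconditions named in the
# mitigation text (an RDMA device and an Intel Xeon CPU), so they can be
# reviewed for private-network placement, ACLs and monitoring.
# DDIO state is not visible through these files and is NOT checked here.
#
# Usage: netcat_preconditions [ROOT]
#   ROOT is an optional prefix (assumption for testing against a copied or
#   constructed tree); with no argument the live /sys and /proc are read.
netcat_preconditions() {
    root="${1:-}"
    ib_dir="$root/sys/class/infiniband"   # RDMA devices registered by the kernel
    cpuinfo="$root/proc/cpuinfo"

    # Collect the names of registered RDMA devices, if any.
    rdma_devs=""
    if [ -d "$ib_dir" ]; then
        for d in "$ib_dir"/*; do
            [ -e "$d" ] || continue       # glob matched nothing
            rdma_devs="$rdma_devs ${d##*/}"
        done
    fi

    # Intel vendor string plus "Xeon" in the model name.
    xeon=no
    if [ -r "$cpuinfo" ] &&
       grep -q '^vendor_id[[:space:]]*:[[:space:]]*GenuineIntel' "$cpuinfo" &&
       grep -q '^model name[[:space:]]*:.*Xeon' "$cpuinfo"; then
        xeon=yes
    fi

    if [ -n "$rdma_devs" ] && [ "$xeon" = yes ]; then
        echo "REVIEW: Intel Xeon with RDMA device(s):$rdma_devs"
    elif [ -n "$rdma_devs" ]; then
        echo "OK: RDMA device(s) present, CPU is not an Intel Xeon"
    else
        echo "OK: no RDMA device registered"
    fi
}

netcat_preconditions "$@"
```

A REVIEW result only means both preconditions are present on that host; whether DDIO is in use has to be confirmed from the platform configuration as described in Intel's advisory.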