Intel Pumageddon: Broadband chip bug haunts Chipzilla's past, present and future

You can trivially DoS Puma 5 and 7-powered boxes, too


Intel says the performance issues that have dogged its Puma 6 gigabit broadband modem chipset also affect the Puma 5 and Puma 7 family.

A Chipzilla spokesperson confirmed to The Register on Tuesday that a TCP/UDP latency issue that makes home and business gateways powered by Puma 6 processors trivial to knock offline is also present in the Puma 5 and Puma 7 lines. This means swapping a Puma 6-based box – such as a Virgin Media Super Hub 3 – for a Puma 5 or 7 device won't do you any good right now.

The problem stems from the way the Puma chips handle network packets, whether they are from the WAN or LAN side. The modems are unable to cope with even modest loads of traffic in certain conditions, resulting in degraded performance and latency spikes.

For example, a light sweep of a vulnerable gateway's IP ports exhausts an internal lookup table, wrecking the performance of the embedded processor in what is effectively a denial-of-service attack. In other cases, it appears from network throughput graphs that the chipset is running a routine task every couple of seconds that stalls packet processing, inserting bursts of lag into connections.

To unlucky users, latency sensitive connections – such as online gaming – start to lag, until in worst cases it appears the broadband connection has died.

The issue was thought to be present only in Puma 6 modems. That it also is present in Puma 7 means those who had wanted to escape the flaw by upgrading to a newer box will be stuck waiting for a firmware update from Intel either way to correct the issue (or give up and opt for a modem powered by a Broadcom processor.)

While not exactly a full-blown crisis, the latency problems with Puma modems have been a nagging issue – particularly for gamers and streaming-heavy users, who have found it to be a major drag on latency and throughput on what should otherwise be gigabit or near-gigabit internet connections.

In the UK, Virgin Media customers have been waiting since last year for a promised fix that has yet to come.

The issue has led to at least one manufacturer that uses the chipset in its gigabit modems, Arris, being hit with a class-action lawsuit in America from aggrieved customers. A list of gateways built by various manufacturers that are believed to be affected by the Puma bug is here.

A long-running message board thread devoted to the issue quotes an Intel rep as saying a firmware fix is in the works, but it could be some time before affected broadband subscribers actually see the software update.

"Intel must develop & test the new code and deliver the code to the OEM. Then the OEM has to integrate and test the code in their specific end product, and then deliver the code to the cable operator," the spokesperson explained.

"And then the cable operator tests it in their environment before sending it to the end user. It is a chain of events, and everyone has their role to play and wants to test to make sure the new code plays nicely with all the other components."

The Puma series is positioned as a crucial component in Intel's Connected Home dream, providing the hardware for connecting up people's personal devices, gadgets and computers to the internet.

Interestingly, the Puma 5 chipset was bought by Intel from Texas Instruments in 2010. It uses an ARM11 CPU in big endian mode at its heart whereas the Puma 6 and 7 families use x86 Atom cores. That the performance issues exist across the 5, 6 and 7 lines suggests the problem may lie within dedicated packet-handling electronics wrapped around the CPU cores, or firmware code shared across the platform. ®

Similar topics


Other stories you might like

  • Prisons transcribe private phone calls with inmates using speech-to-text AI

    Plus: A drug designed by machine learning algorithms to treat liver disease reaches human clinical trials and more

    In brief Prisons around the US are installing AI speech-to-text models to automatically transcribe conversations with inmates during their phone calls.

    A series of contracts and emails from eight different states revealed how Verus, an AI application developed by LEO Technologies and based on a speech-to-text system offered by Amazon, was used to eavesdrop on prisoners’ phone calls.

    In a sales pitch, LEO’s CEO James Sexton told officials working for a jail in Cook County, Illinois, that one of its customers in Calhoun County, Alabama, uses the software to protect prisons from getting sued, according to an investigation by the Thomson Reuters Foundation.

    Continue reading
  • Battlefield 2042: Please don't be the death knell of the franchise, please don't be the death knell of the franchise

    Another terrible launch, but DICE is already working on improvements

    The RPG Greetings, traveller, and welcome back to The Register Plays Games, our monthly gaming column. Since the last edition on New World, we hit level cap and the "endgame". Around this time, item duping exploits became rife and every attempt Amazon Games made to fix it just broke something else. The post-level 60 "watermark" system for gear drops is also infuriating and tedious, but not something we were able to address in the column. So bear these things in mind if you were ever tempted. On that note, it's time to look at another newly released shit show – Battlefield 2042.

    I wanted to love Battlefield 2042, I really did. After the bum note of the first-person shooter (FPS) franchise's return to Second World War theatres with Battlefield V (2018), I stupidly assumed the next entry from EA-owned Swedish developer DICE would be a return to form. I was wrong.

    The multiplayer military FPS market is dominated by two forces: Activision's Call of Duty (COD) series and EA's Battlefield. Fans of each franchise are loyal to the point of zealotry with little crossover between player bases. Here's where I stand: COD jumped the shark with Modern Warfare 2 in 2009. It's flip-flopped from WW2 to present-day combat and back again, tried sci-fi, and even the Battle Royale trend with the free-to-play Call of Duty: Warzone (2020), which has been thoroughly ruined by hackers and developer inaction.

    Continue reading
  • American diplomats' iPhones reportedly compromised by NSO Group intrusion software

    Reuters claims nine State Department employees outside the US had their devices hacked

    The Apple iPhones of at least nine US State Department officials were compromised by an unidentified entity using NSO Group's Pegasus spyware, according to a report published Friday by Reuters.

    NSO Group in an email to The Register said it has blocked an unnamed customers' access to its system upon receiving an inquiry about the incident but has yet to confirm whether its software was involved.

    "Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations," an NSO spokesperson told The Register in an email. "To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case."

    Continue reading

Biting the hand that feeds IT © 1998–2021