Intel finally emits Puma 1Gbps modem fixes – just as new ping-of-death bug emerges

Broadband-throttling bug finally gets a write-up and CVE


More than 18 months after the design blunder was first brought to light, Intel is still working to iron out the creases in its Puma high-speed broadband modem chipsets.

In recent weeks, Chipzilla quietly put out an advisory and finally confirmed a formal CVE entry – CVE-2017-5693 – for the security vulnerability.

When exploited by miscreants, this flaw causes Puma 5, 6, and 7 modem components – used in various high-speed broadband gateways – to suffer performance-wise. A particular pattern of packets exhausts resources within the chipsets, causing spikes in latency, which ruin online gaming and similar interactive tasks, or blowing the hardware off the internet entirely.

First detailed in December 2016, the vulnerability dates back to Puma's Texas Instruments days, but more recently it had shown up in the Puma 5 chipset and Puma 6 and 7 SoCs built and marketed by Intel. The bug potentially allows an attacker to knock a targeted home modem offline or increase connection lag with a relatively small packet payload.

The vulnerability roped Intel into a class-action lawsuit against modem vendor Arris, which was accused of violating US consumer protection laws by selling devices containing the dodgy Puma SoCs.

Meanwhile, the mitigation for the Puma blunder, a modem firmware update to block the sequence of packets that triggers the performance hit, is now being rolled out, albeit at a snail's pace.

"Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic," Intel stated in its advisory.

"Intel is working with Internet service providers and manufacturers for retail devices to help deliver to affected devices the updated firmware which mitigates these issues."

Even as Intel works to get the fix out, another problem with Puma may have cropped up. The same users and researchers at the DSLReports.com forums who discovered the underlying design shortcoming that would become CVE-2017-5693 have also found that, in Canada, Rogers modems using the Puma 7 hardware are falling over.

A company performing a security audit at an unnamed Canadian business found that when probing the Puma 7-powered Rogers routers on the WAN side, the boxes crashed and rebooted due to an unknown error, it is claimed.

It is not known whether the crashes are a result of triggering CVE-2017-5693, or the work of a completely new and different bug. Intel did not respond to a request for comment on the report. ®
