An unpatched bug in the firmware of Intel Puma 6 chipsets — used within several models of gigabit cable modems — is causing latency issues, and may also be used to knock devices offline via a gentle packet stream.

The issues came to light after multiple modem owners started complaining about their sluggish devices on the DSLReports forum in December 2016.

Initially, users lamented about an ICMP latency issue with Arris modems, but after further tests, users tracked down the problem to the firmware of the Intel Puma 6 chipset.

Intel Puma 6 CPUs drop around 6% of network packets

The problem appears to be with the modem's Intel Puma 6 CPU, which takes too much to process network packets.

At every couple of seconds, a high-priority task sidetracks the CPU, which temporarily takes up all the processor's resources, introducing at least a 200ms latency in network traffic. This rogue high-priority task typically makes Puma 6-based modems drop around 6% of IPv4 or IPv6 packets.

The issue was first spotted by online gamers, who noticed recurring lag during their gameplay. Forum users said they brought the issue to Intel's attention, but the company has not released a fix.

Lawfirm preparing class-action lawsuit

Intel may regret this decision in the long run, as San Francisco-based law firm Schubert Jonckheer & Kolbe is now investigating the issue and asking modem owners to sign-up for a potential class-action lawsuit.

Furthermore, the bug can be exploited for pranks. According to one forum user, a constant low-bandwidth packet stream is more than enough to overwhelm the modem and force it offline.

The packet stream doesn't even have to be a large-scale DDoS attack. Users reported that 1% of their bandwidth was more than enough to crash their modem, who remained offline until the constant packet stream had stopped.

The only condition was that the attacker knew the victim's IP address, so he would know where to send his packet storm.

Below is a list of cable modems with Puma 6 chipsets that users reported with latency issues. DLSReports users have also put together an online page where other cable modem owners can test their devices.

    Arris SB6190
    Arris TG1672G
    Arris TM1602
    Super Hub 3 (Arris TG2492LG)  (commonly, Virgin Media)
    Hitron CGN3 / CDA / CGNV series modems:
    Hitron CDA-32372
    Hitron CDE-32372
    Hitron CDA3-35
    Hitron CGNV4
    Hitron CGNM-3552 (commonly, Rogers)
    Hitron CGN3 (eg CGN3-ACSMR)
    Hitron CGNM-2250 (commonly, Shaw)
    Linksys CM3024
    Linksys CM3016
    TP-Link CR7000
    Netgear AC1750 C6300 AC1900
    Netgear CM700
    Telstra Gateway Max (Netgear AC1900 / C6300) (Australia)
    Cisco DPC3848V
    Cisco DPC3941B / DPC3941T  (commonly, Comcast Xfinity XB3)
    Cisco DPC3939
    Compal CH7465-LG / Arris TG2492LG (commonly, Virgin Media Hub 3)
    Samsung Home Media Server

Related Articles:

The Intel Microcode Boot Loader Protects Older CPUs From Spectre

Spectre and Meltdown Hardware Protection Added to Intel's 9th Gen CPUs