Home
 » ISP News » 
Sponsored

Intel Coughs to Puma CPU Flaw that Hit Virgin Media Hub 3 Router UPDATE

Tuesday, August 14th, 2018 (9:17 am) - Score 21,507
virgin media superhub 3 router

After nearly two years Intel has finally published an advisory and formal CVE entry for a flaw in their Puma 5, 6 and 7 chipsets that resulted in various broadband ISP routers, such as Virgin Media UK’s Hub 3.0 (ARRIS TG2492S/CE), suffering from a mix of latency spikes and a DDoS security vulnerability.

The new advisory (INTEL-SA-00097) and related CVE (CVE-2017-5693) simply states, “Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic” and that “currently, we are not aware of any working exploits” (credits to The Register for spotting).

At the root of all this is the fact that the somewhat weak CPU (processor) inside the modem component of Virgin’s router (Puma 6) was taking on too much work while processing network packets, which caused the chipset to run a high-priority maintenance task every few seconds. Sadly this extra workload ended up causing momentary latency spikes (increases of 200 milliseconds+), plus a little packet loss.

Suffice to say that fans of fast paced multiplayer games and other time sensitive internet apps quickly noticed the resultant lag (high pings), which as Intel has suggested could separately also make the chipset more vulnerable to Distributed Denial of Service (DDoS) style attacks.

We first reported on this issue all the way back in 2016 (here), although Virgin Media only began deploying a related firmware fix (v9.1.116.603 or .608) for a limited number of their Hub 3.0 users earlier this year (here). In fairness Liberty Global chose the hardware for VM and both had to wait awhile for Intel’s suggested solution before they could even begin testing the fix, which was a significant change and thus took time to trial.

The partial fix involved shifting some of the workload away from the CPU (we think the AR9382 comms chip takes it on) and did a few other things to improve the situation, which resolved a fair bit of the underlying problem. But the last update we received in June 2018 suggested that Virgin Media had only distributed this firmware to a number of trial users and customers’ on their top 350Mbps tier (formerly 300Mbps).

Recently some Virgin Media customers have also claimed that the fix may be negatively impacting their WiFi performance (perhaps not too surprising given how the load has been switched around inside), but as we’ve said before there’s a limit to what the ISP or Intel can do about all this (underpowered hardware) and others report no such issues.

VM Customer Spitfire16 said:

“I have also seen a degrade in WiFi Performance since the 608 patch.”

VM Customer OllieNZ said:

“608 also destroyed my WIFI. I was already running some experiments to compare the SH3 to an old Asus RT-N66U and the 9 year old Asus consistently out performed the SH3 both in signal strength (at least 10dbm greater all throughout the house) and quality/stability. Then the update hit and destroyed the WIFI, it was barely usable from any more than 10ft away.”

Generally it’s always been best to stick the Hub 3.0 into modem-only mode and then use another router for handling the WiFi / home networking. Hopefully Virgin’s future Hub 4.0 router (SuperHub v4), whenever it turns up, will make use of better hardware to help move on from issues like this.

In the meantime we have requested an update from Virgin Media on the status of their firmware fix deployment and will amend this article once that arrives.

UPDATE 22nd August 2018

After much prompting we’ve finally heard back from Virgin Media on the status of their Hub 3.0 latency fix. The operator notes that their .608 firmware code has now been rolled out to around 90% of their base and they’ll push the upgrade to the remaining units in the “coming weeks“.

Virgin added that there have been no major performance issues identified in trials and pilot, although a small volume of post-rollout issues have been reported to their CPE (router) team and are being assessed at present.

Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
23 Responses
  1. Avatar Simon

    My wifi works fine on the patch – I have a SH3 and the Hiltron – no problems with either

  2. Avatar BuckleZ

    If anything my WIFI is better now than before with the latest firmware

  3. Avatar LordElpus

    Standard specification compliant : DOCSIS 3.0
    Hardware version : 10
    Software version : 9.1.116.608

    WiFi working fine on 2.4G and 5G

  4. Avatar Hiwm

    Hopefully in the SH4 they go for the a broadcom chipset.

  5. Avatar Michael Gore

    So what’s it like now for online gaming like Call of Duty and Forza etc please?

    • Avatar Chris McCall

      Mine updated…. Have to now use wired conection PS4 as greatly affected game play NO issues before. Very noticeable judder and lag.

  6. Avatar BlackDwarf

    Update has been pushed to my VMB Hitron (running in modem-mode connected to a pfsense box) and the latency under both normal usage and the ThinkBroadband BQM seems to have improved drastically. Saying that, I’d still much prefer to have a router that’s not got inherent security flaws…

  7. Avatar un4h731x0rp3r0m

    Good to see Intel finally admit to flaws in their chipset (though it was obvious to anyone with any sense), rather than leaving providers that have the misfortune of using it having the blame for bugs laid at their feet.

    • Avatar Spurple

      You are not Intel’s customer so they owe you nothing.

      Your beef should rightfully be with your ISP who can transfer that aggression to their component supplier and wave their contract around for leverage.

    • Avatar dean

      NO the fault in the device lays with Intel they admit the chip has flaws. So who you think should be blamed is irrelevant.

      Blaming the ISP Virgin in this case for a component in the device when they knew nothing about the bugs until the issues started to appear would be silly. You would have to blame every ISP that supply the same device (which is not just Virgin Media but several ISPs worldwide). Including the likes of Cox and Time Warner.

      The ISP blaming their supplier would also be daft as the supplier of the device is Arris. They also had nothing to do with the manufacture of Intel chip which causes the issues. Unless Arris wanted to commit business suicide as they supply a number of ISPs NOT just Virgin with the device, its highly unlikely they would had used a processor riddled with bugs if they knew about it.

      Encouraging an ISP to scream or “wave their contract” around at their supplier, would in no way help the issue for either the ISP or the customers of the ISP. If anything the ISP, Supplier of the devices (Arris) and Customers affected with a device should all be screaming at Intel for things to be put right. That is where the problem stems from. Thankfully Intel have realised that.

    • Avatar Spurple

      Ha Ha @Dean.

      As you can See, Intel didn’t care, they took two years to finally publish something about it.

      Don’t take it personal, it’s just the way it is. You didn’t buy a CPU from Intel, you bought Internet service from your ISP, and they shipped you a router that happens to have an intel chip in it.

      When the windscreen wipers on your car develop a fault, do you go to the manufacturer of the car or to the manufacturer of the wiper mechanism to complain?

    • Avatar un4h731x0rp3r0m

      “As you can See, Intel didn’t care, they took two years to finally publish something about it.”

      Err Intel is who he and i think the fault should be laid at. Intel also admit the fault is theirs as dean mentions.

      The fact Intel took 2 years to admit blame just demonstrates even more it was them to blame in the first place.

      “Don’t take it personal, it’s just the way it is. You didn’t buy a CPU from Intel, you bought Internet service from your ISP, and they shipped you a router that happens to have an intel chip in it.”

      Using that logic users did not buy the modem/router from anyone. So blaming the ISP would still be stupid.

      “When the windscreen wipers on your car develop a fault, do you go to the manufacturer of the car or to the manufacturer of the wiper mechanism to complain?”

      I fail to see how that example can be applied to something which had a known fault from the manufacturer rather than the supplier in the first place but regardless.

      When my windscreen wipers are knackered i do not blame the manufacturer of the car or the blades like a normal person i realise a rubber strip has a limited life span and so i go to a store and buy a new set.

      If you meant the mechanism, again i would not blame anyone for wear of a mechanical part. Things that move generally wear out over time. Perhaps you could try a better example to make your point.

    • Avatar dean

      “Ha Ha @Dean.

      As you can See…”

      Yes i can and i will repeat. “The fault in the device lays with Intel they admit the chip has flaws. So who you think should be blamed is irrelevant.”

  8. Avatar Stephen Rosson

    wow intel fanboys even on here

    DELID THIS LMAO ENJOY YOUR 2core 10nm housefire KEK

  9. Avatar EndlessWaves

    Intel may or may not be the cause of the problem, it would depend whether they marketed this chipset to handle the loads that are causing problems. If it’s performing as designed and only experiences this issue at abnormal loads then it’s not a fault, just a less than great design.

    But that’s between the manufacturers and their component supplies. Regardless of what’s going on up the chain, if the functionality the ISP had advertised is not there then they need to do something about it promptly. If there’s no prospect of a fix for the unit within a couple of weeks then they should start shipping out replacement access points with instructions on how to use them with the hub in modem-only mode. Or whichever other alternative solution that provides the advertised performance is most cost-effective for them.

    • Avatar un4h731x0rp3r0m

      The ARRIS TG2492S device (which most readers know as the Virgin hub 3) is also used on numerous providers all of which have had issues with it and the problem is the Intel chip and chipset used with it.

      Some other providers around the world also use the very similar but worse in some respects TG2472 (which has the same Intel 1.2ghz atom based chip with the puma chipsets and the same problems) nothing to do with abnormal load from Virgin.

      The problem is not the blame of Virgin or any other providers which provided that equipment before they knew of any issues with it. Never was, never will be.

  10. Avatar Ross Allan

    un4h731x0rp3r0m, you are missing the point.

    The flaw in the puma 6 chipset hardware/firmware is intel’s fault. No-one is disputing this.

    Failing to listen to reports from their trialists of latency issues, failing to roll out firmware improvments in a timely manner, and failing to provide alternative hardware without the problem is entirely on virgin media.

    • Avatar un4h731x0rp3r0m

      “un4h731x0rp3r0m, you are missing the point.”

      The point is Intel admit blame.

      “The flaw in the puma 6 chipset hardware/firmware is intel’s fault. No-one is disputing this.”

      End off discussion then.

      “Failing to listen to reports from their trialists of latency issues”

      If the trial device also had latency issues any change to that specific device would not help with the final hub 3 which everyone gets today. Early and trial versions of the hub 3 did not have the AR9382 as part of the chipset, therefore any firmware change to early devices would not have helped with the final retail version we have today.

      “failing to roll out firmware improvments in a timely manner”

      It can not be fixed, its a hardware flaw, the only thing firmware can do is shift the processing the device has to do to other areas of the chipset.

      “and failing to provide alternative hardware without the problem is entirely on virgin media.”

      A moment ago you expected issues to be fixed in a trial, now you are advocating they send out new devices which have never had any testing to replace the hub 3. What exactly do you want, testing or not?

  11. Avatar dragon

    It’s Virgin’s problem at the end of the day, it might be intel at fault but that’s between Virgin and their suppliers to sort out, our contracts are with virgin media not intel, it’s the hub that virgin supply.

    There are no other approved devices virgin allow on their network so going and purchasing an alternative isn’t even an option therefore it’s entirely on them.

    • Avatar un4h731x0rp3r0m

      “It’s Virgin’s problem at the end of the day, it might be intel at fault but that’s between Virgin and their suppliers to sort out”

      NO and no matter how many times you wait a few days then come back here to repeat the same thing with a new name it will not alter the fact.

      When Hotpoint has a tumble drier that may burst into flames you do not blame Currys who provided it, its down to hotpoint and hotpoint not currys recall it.

      The situation is no different here.

      “There are no other approved devices virgin allow on their network so going and purchasing an alternative isn’t even an option therefore it’s entirely on them.”

      You can use a separate router which alleviates the problem to some degree. VM have always allowed you to use your own router.

  12. Avatar Z

    Using SH3 in router mode with the 608 firmware, still getting huge spikes in League of Legends. It’ll go from 22ms up to 900ms, but usually jumps to 350ms. I took a long break from playing the game and hoped the issue would’ve been fixed by now but it still isn’t. I’ve also noticed sometimes I will get the same when playing CSGO. BDO works fine as it is an MMO. I love how the prices are increasing but nothing is being communicated about this issue.

  13. Avatar Alan

    It’s now October 2018 and my Superhub 3 has the latest firmware. I am using it in modem mode and routing through a Netgear ‘Nighthawk’ R7800 router. I am using a BQM to monitor the Virgin signal and guess what? – dropped packets, serious latency, lost connections etc etc. I have tried to get a ‘live chat’ (Virgin’s ‘preferred’ form of contact according to their website) and all I get is ‘not available – try during the hours the service is available). It’s just after mid-day, on a Wednesday, in the UK. Hours for live chat 8am to 8pm – HELLO!!
    By the way I’m not a ‘gamer’ or a video streamer. This happens when I’m using Google!
    The current Superhub 3 is a disaster and I blame Intel for the chip problems, the manufacturer of the Superhub for not acknowledging the problem and, yes, VIRGIN MEDIA (the only people with whom I have a contract and to whom I am paying for a service that’s not delivering what I am paying for – whatever the reason!) Of course Intel and the hub manufacturers need to get it sorted out but VIRGIN need to fulfil their contractual obligations. By no stretch of the imagination can they fall back on the ‘Internet speeds UP TO nnn’ argument when the speeds drop to less than 20 meg on a 200 meg service and often the connection is lost altogether.
    Rant over, I don’t expect it to be resolved any time soon but I now feel MUCH better!!

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £20.00 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: None
  • Direct Save Telecom £22.95 (*29.95)
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • Origin Broadband £23.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • Vodafone £23.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • SSE £23.00 (*33.00)
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2468)
  2. FTTP (2096)
  3. FTTC (1634)
  4. Building Digital UK (1575)
  5. Openreach (1382)
  6. Politics (1380)
  7. Business (1209)
  8. Statistics (1079)
  9. FTTH (1015)
  10. Mobile Broadband (1009)
  11. Fibre Optic (957)
  12. Ofcom Regulation (902)
  13. Wireless Internet (887)
  14. 4G (876)
  15. Virgin Media (843)
  16. Sky Broadband (587)
  17. EE (578)
  18. TalkTalk (566)
  19. Vodafone (498)
  20. Security (402)
New Forum Topics
»
My g.fast install
Author: GoodfellowAdam
»
»
»
FTTP questions
Author: mageous92
»
To all those with Sky
Author: timeless
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact