AMD Zen CPUs were found vulnerable to side-channel SQUIP vulnerability, affecting all SMT-enabled chips
CPU manufacturers have found ways to execute out-of-order performance to improve a processor’s capability. Superscalar processors implement instruction-level parallelism within a single processor. AMD, which uses a simultaneous multi-threading process, is vulnerable to a SQUIP side-channel attack, revealing 4096-bit RSA keys immediately, reports Tom’s Hardware. Similar to Apple’s M1-series processors, AMD and the company’s Zen microarchitecture have individual scheduler queues per execution unit. The individual schedulers that AMD utilizes with simultaneous multi-threading (SMT) activated present interferences throughout all workloads, creating multiple opportunities to access “scheduler queue contention via performance counters and unserialized timer reads across sibling threads on the same core.” This observing and preparatory activity introduces side-channel attacks in those individual scheduler queues. Researchers from the Graz University of Technology recently discussed with The Register the vulnerability, calling the technique Scheduler Queue Usage via Interference Probing (SQUIP). SQUIP affects all current AMD Ryzen CPUs from the three Zen microarchitectures. Attackers initially run malicious code to the processor core, which takes some time. After the exploit fully processes, the weakness is exploited, and data begins processing from the CPU core to the destination. — Daniel Gruss, computer researcher, Graz University of Technology Researchers have worked with AMD on SQUIP and feel that the best action may be to disable the SMT technology on the affected Zen architecture-based processors, which will deplete performance. AMD’s confirmation of the issue (AMD-SB-1039: Execution Unit Scheduler Contention Side-Channel vulnerability on AMD Processors) is currently seen by the company as a medium-level threat and has the information and instructions on how to disable the SMT here. — quote from the recent AMD mitigation News Sources: Graz University of Technology, Tom’s Hardware, The Register, AMD
