{"id":42939,"date":"2022-08-12T04:25:46","date_gmt":"2022-08-12T04:25:46","guid":{"rendered":"https:\/\/harchi90.com\/amds-entire-zen-cpu-family-affected-by-squip-vulnerability-requires-disabling-smt\/"},"modified":"2022-08-12T04:25:46","modified_gmt":"2022-08-12T04:25:46","slug":"amds-entire-zen-cpu-family-affected-by-squip-vulnerability-requires-disabling-smt","status":"publish","type":"post","link":"https:\/\/harchi90.com\/amds-entire-zen-cpu-family-affected-by-squip-vulnerability-requires-disabling-smt\/","title":{"rendered":"AMD’s Entire Zen CPU Family Affected By SQUIP Vulnerability, Requires Disabling SMT"},"content":{"rendered":"
\n

AMD’s entire Zen CPU family seems to be affected by side-channel SQUIP vulnerability and the only workaround right now is to disable SMT.<\/p>\n

AMD Zen CPUs were found vulnerable to side-channel SQUIP vulnerability, affecting all SMT-enabled chips<\/h2>\n

CPU manufacturers have found ways to execute out-of-order performance to improve a processor’s capability. Superscalar processors implement instruction-level parallelism within a single processor. AMD, which uses a simultaneous multi-threading process, is vulnerable to a SQUIP side-channel attack, revealing 4096-bit RSA keys immediately, reports Tom’s Hardware<\/a>.<\/p>\n

Similar to Apple’s M1-series processors, AMD and the company’s Zen microarchitecture have individual scheduler queues per execution unit. The individual schedulers that AMD utilizes with simultaneous multi-threading (SMT) activated present interferences throughout all workloads, creating multiple opportunities to access “scheduler queue contention via performance counters and unserialized timer reads across sibling threads on the same core.” This observing and preparatory activity introduces side-channel attacks in those individual scheduler queues.<\/p>\n

Researchers from the Graz University of Technology recently discussed with The Register the vulnerability, calling the technique Scheduler Queue Usage via Interference Probing (SQUIP).<\/p>\n

\n

An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs. Apple’s M1 (probably also M2) follows the same design but is not affected yet as they haven’t introduced SMT in their CPUs yet.<\/em><\/p>\n

\u2014 Daniel Gruss, computer researcher, Graz University of Technology<\/p>\n<\/blockquote>\n

SQUIP affects all current AMD Ryzen CPUs from the three Zen microarchitectures. Attackers initially run malicious code to the processor core, which takes some time. After the exploit fully processes, the weakness is exploited, and data begins processing from the CPU core to the destination.<\/p>\n

\n
<\/div>
Image source: Jason R. Wilson, Wccftech. All assets are property of their respective owners.<\/figcaption><\/figure>\n

Researchers have worked with AMD on SQUIP and feel that the best action may be to disable the SMT technology on the affected Zen architecture-based processors, which will deplete performance.<\/p>\n

\n

AMD recommends software developers employ existing best practices including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability…<\/em><\/p>\n

\u2014 quote from the recent AMD mitigation<\/p>\n<\/blockquote>\n

AMD’s confirmation of the issue (AMD-SB-1039: Execution Unit Scheduler Contention Side-Channel vulnerability on AMD Processors) is currently seen by the company as a medium-level threat and has the information and instructions on how to disable the SMT here.<\/p>\n

News Sources: Graz University of Technology, Tom’<\/a>s Hardware, The Register, AMD, <\/p>\n<\/p><\/div>\n