CATEGORIES
home IT/Enterprise Security

AMD's Zen Architecture Is Vulnerable To A New Insidious SMT Security Flaw

by Mark TysonThursday, August 11, 2022, 11:47 AM EDT
AMD Zen SQUIP flaw
Researchers have detailed the SQUIP attack, which is particularly worrisome for users of AMD Zen 1, Zen 2 and Zen 3 processors. Researchers were able measure the precise degree of Scheduler Queue Usage (i.e., occupancy) via Interference Probing, giving the attack its name. Using this technique, it was possible in tests to recover a full RSA-4096 encryption key from a user on a co-located virtual machine (VM) and co-located process.

SQUIP is claimed by researchers from the Graz University of Technology, the Georgia Institute of Technology, and the Lamarr Security Research Center to be the first side-channel attack on scheduler queues. Regular readers will be aware of the raft of side-channel memory reading vulnerabilities a few years back, with the most famous being Spectre and Meltdown. Here the data isn’t spied upon in memory, but within the processor scheduler queue. For this reason, AMD Zen 1, Zen 2 and Zen 3 processors are the most vulnerable – with per execution unit scheduler queues and SMT (simultaneous multi-threading) providing the co-located VM/process snooping opportunities.

Based on the above information, this vulnerability is not likely to be a huge problem for home PC users, enthusiasts and gamers. The attack as it is currently known to work relies on a few special conditions – namely that the attacker and victim must have co-located VMs or processes using the same physical core but run their code on different SMT threads. Thus, the victim’s process can be spied upon by an attacker using the other core thread in a VM. The researchers were able to extract data at a rate of 0.89 Mbit/s from a co-located VM and a rate of 2.70 Mbit/s from a co-located process with very high degrees of accuracy.

SQUIP scheduler and SMT flaw

The researchers have put forward some countermeasures that could be applied to processor architectures going forward to close SQUIP attack vectors. Mitigating measures could include making schedulers symmetric, moving to a single scheduler design, or bolstering the isolation of threads.

Intel processors are not vulnerable to this attack as they have a single scheduler queue. Meanwhile, Apple Silicon processors with split scheduler queues do not currently utilize SMT.

AMD has already assigned the SQUIP flaw a CVE identifier CVE-2021-46778 and says it is a ‘medium’ severity issue.
Tags:  AMD, security, zen, side channel
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment