AMD’s Entire Zen CPU Family Affected By SQUIP Vulnerability, Requires Disabling SMT

AMD's entire Zen CPU family seems to be affected by side-channel SQUIP vulnerability and the only workaround right now is to disable SMT.

CPU manufacturers have found ways to execute out-of-order performance to improve a processor's capability. Superscalar processors implement instruction-level parallelism within a single processor. AMD, which uses a simultaneous multi-threading process, is vulnerable to a SQUIP side-channel attack, revealing 4096-bit RSA keys immediately, reports Tom's Hardware.

Similar to Apple's M1-series processors, AMD and the company's Zen microarchitecture have individual scheduler queues per execution unit. The individual schedulers that AMD utilizes with simultaneous multi-threading (SMT) activated present interferences throughout all workloads, creating multiple opportunities to access "scheduler queue contention via performance counters and unserialized timer reads across sibling threads on the same core." This observing and preparatory activity introduces side-channel attacks in those individual scheduler queues.

Researchers from the Graz University of Technology recently discussed with The Register the vulnerability, calling the technique Scheduler Queue Usage via Interference Probing (SQUIP).

An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs. Apple's M1 (probably also M2) follows the same design but is not affected yet as they haven't introduced SMT in their CPUs yet.

— Daniel Gruss, computer researcher, Graz University of Technology

SQUIP affects all current AMD Ryzen CPUs from the three Zen microarchitectures. Attackers initially run malicious code to the processor core, which takes some time. After the exploit fully processes, the weakness is exploited, and data begins processing from the CPU core to the destination.

Researchers have worked with AMD on SQUIP and feel that the best action may be to disable the SMT technology on the affected Zen architecture-based processors, which will deplete performance.

AMD recommends software developers employ existing best practices including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability...

— quote from the recent AMD mitigation

AMD's confirmation of the issue (AMD-SB-1039: Execution Unit Scheduler Contention Side-Channel vulnerability on AMD Processors) is currently seen by the company as a medium-level threat and has the information and instructions on how to disable the SMT here.

News Sources: Graz University of Technology, Tom's Hardware, The Register, AMD