Beware: Almost all AMD Ryzen chips found vulnerable to side-channel SQUIP attacks

An AMD Ryzen processor inside its socket

A new CPU vulnerability dubbed “SQUIP”, which is the short for Scheduler Queue Usage via Interference Probing, has been discovered by security researches. Apple M1 processors and AMD Zen-based Ryzen chips, among others, have been found vulnerable to this new security flaw.

The vulnerability is related to the multi-scheduler queues in CPUs. Intel, unlike Apple and AMD, uses a single scheduler in its architecture, which means it is not affected by SQUIP. The latter however use multiple schedulers.

On the AMD side, SKUs with simultaneous multi-threading (SMT) technology are affected, which is nearly every AMD processor SKU out there except for a few models (We have listed them towards the end). The issue is tracked under the ID “CVE-2021-46778”.

Here is a summary and mitigation measures provided by AMD:

Summary

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

Mitigation

AMD recommends software developers employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.

The AMD Ryzen SKUs that are not affected by the SQUIP vulnerability are given below, starting from first-gen Zen 1 to Zen 3:

  • Ryzen 1000 (Zen 1)
    • Ryzen 3 1200
    • Ryzen 3 1300X
  • Ryzen 2000 (Zen 1+)
    • Ryzen 3 2300X
  • Ryzen 3000 (Zen 2)
    • Ryzen 5 3500
    • Ryzen 5 3500X
  • Athlon 3000/4000 (Zen 2)
    • Athlon Gold 3150G/GE
    • Athlon Gold 4150G/GE

Aside from the CPUs listed above, all other Ryzen, Athlon, Threadripper and EPYC processors are affected by SQUIP since they come with SMT.

Meanwhile, for Apple, it is said that the M1 is vulnerable to SQUIP. Interestingly, no mention of M2 has been made, which could mean that the flaw has been resolved in the case of the latter.

Source: AMD via The Register (PDF)


Edit: The article in its original state incorrectly claims that M1 CPUs are vulnerable. Although M1 also uses the split schedulers, it is not affected since Apple does not use SMT. And this is likely also the case for M2. However, in case future CPUs like M3 (say) move to SMT with the same scheduler design then it will be vulnerable.

Report a problem with article
Intel logo written on red PCB design on a black background
Next Article

Beware: Intel 10th, 11th, 12th Gen CPUs have ÆPIC flaw that does not need side channels

Previous Article

Google Fiber announces expansion to five states in the U.S.

19 Comments - Add comment

Advertisement