Hard blow for AMD. A vulnerability impacting its entire “Zen” family of processors has been discovered, and currently the only way to prevent it from being exploited is… to disable the SMT.
SMT (Simultaneous multithreading), used by AMD as an equivalent to Intel’s hyperthreading, can be affected by a vulnerability dubbed “SQUIP”, for “Scheduler Queue Usage via Interference Probing”. That’s what this week reports WCCFTech.
For the time being, the only solution to prevent this flaw from being exploited is to purely and simply deactivate the SMT, with the result of automatically sacrificing a significant part of the performance on the processors concerned… and in this case there are many of them. This vulnerability concerns all chips belonging to the Zen family, and therefore almost all of AMD’s recent processors.
As explained WCCFTech, SMT is used by AMD to take advantage of parallelism on its processors, in order to significantly improve their capabilities. The discovered vulnerability makes it possible to exploit this parallelism to instantly reveal RSA 4096-bit encryption keys. This is enough to offer potential hackers the right to inspect certain operations carried out by the processor.
Zen 1, Zen 2 and Zen 3 architectures concerned… but not only
” An attacker using the same host and CPU core as you could spy on the types of instructions you execute due to the split-scheduler design of AMD CPUs “, thus explained toThe RegisterDaniel Gruss, security researcher at Graz University of Technology, Austria. He adds that this type of attack, which currently affects AMD’s Zen 1, Zen 2 and Zen 3 x64 architectures, could also affect Apple Silicon chips in the future.
Despite their ARM architecture, Apple’s M1 and M2 processors do indeed have some commonalities with AMD’s chips in terms of design. They too exploit parallelism, but are currently protected…because they simply don’t use SMT. Of course, nothing tells us that this will not be the case in the future. “The M1 processor (and probably also the M2) follows the same design but is not yet affected because Apple has not yet introduced SMT in its CPUs», notes Daniel Gruss.
For its part, AMD evokes a threat of “medium gravity“, listed under the reference AMD-SB-1039. The firm therefore sticks to relatively succinct recommendations for developers. “AMD recommends that software developers stick to existing best practices, including constant-time algorithms, and avoid ‘secret-dependent’ control flows, where applicable, to help mitigate this potential vulnerability.“, we read.
To follow us, we invite you to download our Android and iOS application. You can read our articles, files, and watch our latest YouTube videos.