
A group of researchers has published information about a new vulnerability that affects all AMD processors with Zen, Zen 2 and Zen 3 architectures.
The vulnerability is called SQUIP (Scheduler Queue Usage via Interference Probing), and exploiting it allows attackers to gain access to sensitive data.

Modern superscalar processors, which can execute multiple instructions simultaneously, use several techniques to further boost performance.
One of the most effective is simultaneous multithreading (SMT), which divides a processor core into multiple logical cores that execute independent instruction threads.

However, the SMT implementation in modern AMD processors has proven vulnerable to a side-channel attack called SQUIP.
It consists of analyzing instructions executed by a process by observing how it competes for resources with another process executing on the same core.
Zen, Zen 2 and Zen 3 processors are susceptible to this problem because they use several scheduler queues, one for each execution unit.
With SMT enabled, the Zen, Zen 2 and Zen 3 schedulers create contention between workloads, which opens the door to observing scheduler queue contention through performance counters on the same hardware core.

Researchers from Graz University of Technology, Georgia Institute of Technology and Lamarr Security Research, a nonprofit research center, found that an attacker thread that is executed on the same hardware core as the victim thread thanks to SMT can analyze the scheduler's performance to obtain

The researchers demonstrated a practical implementation of the SQUIP attack on different systems with Ryzen and EPYC processors.
As part of the demonstration, they were able to recover the RSA-4096 encryption key used by a process that was running in a different virtual machine but on the same CPU core.
"An attacker running their process on the same host and CPU core as you can keep track of what types of instructions you execute.
It is possible because of the split scheduler in AMD processors," said Daniel Gruss of Graz University of Technology, one of the authors of the study.

It should be noted that a similar scheme with a separate scheduler for each execution unit is used in Apple's M1 and M2 processors.
However, they are not affected by the SQUIP vulnerability because Apple processors do not support multithreading.
The problem could become relevant if they implement an SMT counterpart.

AMD was reportedly informed about the SQUIP issue in December 2021, and it was assigned the identifier CVE-2021-46778 and a "medium" severity rating.
AMD published a bulletin this week informing the public of the existence of the vulnerability in processors with Zen, Zen 2 and Zen 3 architectures.
"To mitigate the vulnerability, AMD recommends that software developers use existing best practices, such as constant runtime algorithms and avoiding secret-dependent control flows," AMD said in the advisory.
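
The coding pattern the advisory refers to, shown as an added example that is not from the researchers, AMD or the original article: a square-and-multiply exponentiation whose multiply step depends on a secret exponent bit, next to a version that issues the same instructions for every bit. The 64-bit arithmetic, function names and values are constructed for illustration; production RSA code should rely on a vetted constant-time big-number library.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m through a 128-bit intermediate (GCC/Clang extension).
 * The division behind % is not guaranteed constant-time; this toy only
 * demonstrates the control-flow difference between the two loops. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Leaky: the multiply is issued only when the secret exponent bit is 1,
 * so the per-iteration instruction mix depends on the key. */
uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);              /* square */
        if ((exp >> i) & 1)               /* secret-dependent branch */
            r = mulmod(r, base, m);       /* multiply */
    }
    return r;
}

/* Hardened: every iteration squares and multiplies; a mask selects the
 * result, so no branch depends on the exponent. */
uint64_t modexp_fixed(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, base, m);                 /* always executed */
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1);  /* all ones or zero */
        r = (t & mask) | (r & ~mask);                    /* branchless select */
    }
    return r;
}

int main(void) {
    /* Constructed toy values, not a real key. */
    uint64_t m = 1000000007ULL, base = 123456789ULL, d = 0xC0FFEE1234ULL;
    printf("%llu %llu\n", (unsigned long long)modexp_leaky(base, d, m),
           (unsigned long long)modexp_fixed(base, d, m));
    return 0;
}
```

Both functions return the same value for any input; only the sequence of executed operations differs. Check the compiled output as well, since an optimizer can reintroduce a branch.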