Published in PC Hardware

AMD's Zen CPU's will need to be slowed

by on12 August 2022


Medium-severity flaw means you will have to listen to the sound of one hand clapping for a while 

 AMD’s Zen CPUs are vulnerable to a medium-severity flaw which means AMD will have to turn off SMT technology which will make the chips pretty much as bad as Intel's.

The threat makes it easy to hackers to run side-channel attacks and reveal 4096-bit RSA keys.  It was discovered by multiple cybersecurity researchers from technology universities in Graz, and Georgia, was described in a paper titled "SQUIP: Exploiting the Scheduler Queue Contention Side Channel," and later confirmed by AMD.

An attacker running on the same host and CPU core as you, could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs," one of the authors explained.

Apple's M1 and M2 chips have the same design but are not affected but this is not something to brag about, Apple was too slow to introduce SMT in their CPUs. 

For those not in the know, SMT is short for “simultaneous multithreading” - a technique that improves the efficiency of superscalar CPUs with hardware multithreading, allowing multiple independent threads of execution, using the chip’s resources more efficiently.

To mitigate the vulnerability, SMT technology needs to be disabled, and that means a significant blow to the chip’s performance.

Apparently, all Ryzen processors running Zen 1, Zen 2, and Zen 3 microarchitectures, are affected. AMD confirmed the problem and has dubbed it AMD-SB-1039: Execution unit Scheduler Contention Side-Channel Vulnerability on AMD Processors.

"AMD recommends software developers employ existing best practices including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability," AMD's instructions state.

 

Last modified on 12 August 2022
Rate this item
(6 votes)

Read more about: