Announcement

Collapse
No announcement yet.

AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

    Phoronix: AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

    In addition to Intel's busy Patch Tuesay, AMD today made public CVE-2021-46778 that university researchers have dubbed the "SQUIP" attack as a side channel vulnerability affecting the execution unit scheduler across Zen 1/2/3 processors...

    https://www.phoronix.com/news/AMD-Side-Channel-SQUIP

  • #2
    I guess the only mitigation to this would be to turn off SMT entirely, which would especially impact popular chips like the Ryzen 3300X & Steam Deck's Van Gogh APU, since it would then leave them with just 4 cores & threads, which is already too low for some newer games.

    Presumably that's why AMD doesn't want to take that route, similar to Intel.

    Comment


    • #3
      Michael

      AMD isn't releasing any mew kernel mitigations or microcode workarounds for this "SQUIP" vulnerability but their guidance simply notes:
      Of course they aren't. You don't mitigate a cat.

      Comment


      • #4
        Originally posted by Linuxxx View Post
        I guess the only mitigation to this would be to turn off SMT entirely, which would especially impact popular chips like the Ryzen 3300X & Steam Deck's Van Gogh APU, since it would then leave them with just 4 cores & threads, which is already too low for some newer games.

        Presumably that's why AMD doesn't want to take that route, similar to Intel.
        I like how their suggestion is basically write better code.

        Comment


        • #5
          skeevy420

          My man, good to see you are back!

          Was getting worried since you had been MIA for some time now.

          I take it Stray has led you astray?

          Comment


          • #6
            I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

            It is not just Intel. It happens to all of them.

            Comment


            • #7
              I guess its "SQUIP" Game

              Comment


              • #8
                Originally posted by Raka555 View Post
                I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

                It is not just Intel. It happens to all of them.
                Yeah except this requires an oddly specific circumstance to exploit and can be fixed using proper software development. It isn't clear to me whether physical access is needed or not for SQUIP, which so far has been the case for most of AMD's exploits. If physical access isn't required then this vulnerability is a bit more serious, but considering AMD has no intention on patching it, I assume the exploit must not be threatening enough.

                Comment


                • #9
                  Originally posted by Raka555 View Post
                  I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

                  It is not just Intel. It happens to all of them.
                  Nice try fanboy. It matters how many and how impactful vulnerabilities there were. AMD wins so far.

                  Comment


                  • #10
                    This is yet another reminder to use mitigations=auto,nosmt if you run any untrusted code.

                    Comment

                    Working...
                    X