AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

Written by Michael Larabel in AMD on 9 August 2022 at 02:10 PM EDT. 54 Comments
AMD
In addition to Intel's busy Patch Tuesday, AMD today made public CVE-2021-46778 that university researchers have dubbed the "SQUIP" attack as a side channel vulnerability affecting the execution unit scheduler across Zen 1/2/3 processors.

Researchers discovered that execution unit scheduler contention could lead to a side channel vulnerability on AMD Zen 1, Zen 2, and Zen 3 processors -- across all Ryzen / Threadripper / EPYC generations to this point. This side-channel vulnerability exists only when SMT is active and relies on measuring the contention level of scheduler queues in order to leak sensitive information.

AMD isn't releasing any new kernel mitigations or microcode workarounds for this "SQUIP" vulnerability but their guidance simply notes:
AMD recommends software developers employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.

More details on this CVE-2021-46778 / SQUIP vulnerability via AMD.com.


The researchers from Lamarr Security Research, Graz University of Technology, and Georgia Institute of Technology have published their SQUIP whitepaper with more details on this new side-channel attack.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week