SQUIP vulnerability affects AMD Zen-series processors

SQUIP vulnerability

Security researchers recently disclosed a vulnerability called “SQUIP” that threatens the security of processors based on AMD’s Zen-series architectures and may even affect Apple’s M1 series chips. Except for a few special models, basically all of these processors are affected.

Each execution unit in AMD’s Zen-series architectures has its own scheduler queue, as do Apple’s M1-series chips. AMD processors that use simultaneous multithreading (SMT) are reportedly vulnerable to a SQUIP side-channel attack that leaks a 4096-bit RSA key. Daniel Gruss, a computer researcher at the Graz University of Technology, said: “An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs. Apple’s M1 (probably also M2) follows the same design but is not affected yet as they haven’t introduced SMT in their CPUs yet.”

Researchers working with AMD on the SQUIP vulnerability believe that the best course of action is to disable simultaneous multithreading on the affected Zen-series architecture processors, although this will degrade the processor’s performance. The M2 series chips have not been affected for the time being, and Apple seems to have solved the problem with the new generation of chips.

AMD has now confirmed the issue, which it tracks as “AMD-SB-1039”, and rates it a “medium severity” threat. AMD recommends that software developers employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate, to help mitigate this potential vulnerability.
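
To make AMD's advice concrete, here is an added example (not code from AMD or the researchers) that contrasts square-and-multiply exponentiation, where a multiply is issued only for 1 bits of the exponent, with a variant that does the same work for every bit. The function names, the multiplication counter and the toy 64-bit arithmetic with a modulus below 2^32 are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
static unsigned long mulmod_calls; /* counts multiplications issued */

/* Toy arithmetic: m must be nonzero and below 2^32 so a*b fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    mulmod_calls++;
    return (a * b) % m;
}

/* Secret-dependent control flow: the extra multiply runs only for 1 bits,
 * so the work issued to the multiplier follows the private exponent. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1)
            r = mulmod(r, base, m);
    }
    return r;
}

/* Uniform control flow: square and multiply on every bit, then keep or
 * discard the product with a mask instead of a branch. */
uint64_t modexp_uniform(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, base, m);
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1); /* all ones if bit set */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

int main(void) {
    const uint64_t exps[] = {8, 13}; /* constructed: Hamming weight 1 and 3 */
    for (int k = 0; k < 2; k++) {
        mulmod_calls = 0;
        modexp_branchy(4, exps[k], 497);
        unsigned long nb = mulmod_calls;
        mulmod_calls = 0;
        modexp_uniform(4, exps[k], 497);
        printf("exp=%llu branchy: %lu mults, uniform: %lu mults\n",
               (unsigned long long)exps[k], nb, mulmod_calls);
    }
}
```

A compiler may turn the mask select back into a branch, and the `%` operation is not guaranteed to take the same time for all operands, so production code should rely on a vetted constant-time big-number library and verify the generated assembly.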