Security researchers from the Graz University of Technology, the Georgia Institute of Technology, and the Lamarr Security Research non-profit research center on Tuesday published a new paper describing the first side-channel attack targeting the scheduler queues of modern CPUs.
The new CPU vulnerability, dubbed “SQUIP” (short for Scheduler Queue Usage via Interference Probing), affects AMD Zen-based processors, from Ryzen desktop and mobile parts to Threadripper and EPYC.
The vulnerability stems from the way modern CPUs organize their scheduler queues. Intel CPUs use a single, unified scheduler queue, whereas the Apple M1 and AMD’s Zen 1, Zen 2, and Zen 3 microarchitectures give each execution unit its own scheduler queue. Because instructions wait in the queue of the unit that will execute them, the occupancy of a given queue reveals what kind of instructions the other hardware thread on the same core is issuing, and an attacker can measure that occupancy by probing the contention it causes.
While Apple also uses individual scheduler queues for its M1 processors and likely also the M2, it has yet to introduce simultaneous multi-threading (SMT), so its current processors are not affected: the attack requires the attacker and victim to share a physical core.
“An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs,” explained Daniel Gruss, one of the Graz University of Technology researchers involved in the SQUIP project. “Apple’s M1 (probably also M2) follows the same design but is not affected yet as they haven’t introduced SMT in their CPUs yet.”
As far as AMD is concerned, nearly every Zen 1, Zen 2, and Zen 3 processor SKU is affected by SQUIP because it ships with SMT. The exceptions are the few SKUs below, which lack SMT:
- Ryzen 3 1200
- Ryzen 3 1300X
- Ryzen 3 2300X
- Ryzen 5 3500
- Ryzen 5 3500X
- Athlon Gold 3150G/GE
- Athlon Gold 4150G/GE
AMD has assigned the problem the CVE identifier “CVE-2021-46778” and a severity rating of ‘Medium’. Given below are the summary and mitigation guidance issued by AMD in an advisory on Tuesday:
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.
AMD recommends software developers employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.
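To make AMD’s guidance concrete, the following added example (written for this page, not code from the SQUIP paper, AMD, or any affected library) shows the pattern it warns about and the fix it recommends. The leaky modular exponentiation issues a multiplication only when the current secret exponent bit is 1, so the instruction mix it pushes into the scheduler queues depends on the secret; the constant-time variant always executes the same multiplications and picks the result with a branchless mask. The 32-bit operands, the hypothetical `mul_ops` counter, and the test values are assumptions chosen to keep the example self-contained.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed exponent width: both variants always walk all 32 bits, MSB first. */
#define EXP_BITS 32

/* (a * b) mod m with a 64-bit intermediate; m must be non-zero. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky square-and-multiply: the multiply is skipped when the exponent bit
 * is 0, so the number and timing of multiplier-unit operations (and hence
 * the pressure on that unit's scheduler queue) depend on the secret exponent.
 * mul_ops (hypothetical instrumentation, not part of a real implementation)
 * receives the count of multiplications performed. */
uint32_t modexp_leaky(uint32_t base, uint32_t exp, uint32_t m, size_t *mul_ops) {
    uint32_t r = 1 % m;
    size_t ops = 0;
    for (int i = EXP_BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        ops++;
        if ((exp >> i) & 1u) {          /* secret-dependent control flow */
            r = mulmod(r, base, m);
            ops++;
        }
    }
    if (mul_ops) *mul_ops = ops;
    return r;
}

/* Branchless select: mask is 0x00000000 or 0xFFFFFFFF. Returns a if the mask
 * is all ones, b otherwise, without a data-dependent branch. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    return (a & mask) | (b & ~mask);
}

/* Constant-time variant: every iteration performs one square and one
 * multiply regardless of the exponent bit, then selects with a mask, so the
 * sequence of instructions reaching the execution units is independent of
 * the secret. */
uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t m, size_t *mul_ops) {
    uint32_t r = 1 % m;
    size_t ops = 0;
    for (int i = EXP_BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        ops++;
        uint32_t t = mulmod(r, base, m);        /* always executed */
        ops++;
        uint32_t mask = 0u - ((exp >> i) & 1u); /* 0 or all ones */
        r = ct_select(mask, t, r);
    }
    if (mul_ops) *mul_ops = ops;
    return r;
}

int main(void) {
    /* Constructed inputs: two exponents with different Hamming weight. */
    size_t leaky5, leaky13, ct5, ct13;
    uint32_t a = modexp_leaky(4, 5, 497, &leaky5);
    uint32_t b = modexp_leaky(4, 13, 497, &leaky13);
    uint32_t c = modexp_ct(4, 5, 497, &ct5);
    uint32_t d = modexp_ct(4, 13, 497, &ct13);
    printf("leaky: 4^5 mod 497 = %u (%zu muls), 4^13 mod 497 = %u (%zu muls)\n",
           a, leaky5, b, leaky13);
    printf("ct:    4^5 mod 497 = %u (%zu muls), 4^13 mod 497 = %u (%zu muls)\n",
           c, ct5, d, ct13);
    return 0;
}
```

Both variants compute the same result, but only the leaky one performs a different number of multiplications for exponents of different Hamming weight, which is exactly the per-unit instruction pattern a co-resident SMT sibling can observe through scheduler-queue contention. Source-level constant-time code is necessary but not sufficient on its own: a compiler may turn the mask select back into a branch, so check the generated assembly for the hot loop, and keep the mask derivation free of data-dependent jumps.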
Apart from the SMT-less SKUs listed above, every other Ryzen, Athlon, Threadripper, and EPYC processor for desktops, workstations, mobile devices, Chromebooks, and servers is affected by SQUIP, since all of them ship with SMT.
Intel and Apple have also been notified of the vulnerability, although their current products are not affected.