Security11.08.2022

AMD Zen chips vulnerable to multi-threading attack

AMD has disclosed an execution unit scheduler contention side-channel vulnerability affecting Zen 1, Zen 2, and Zen 3 processors that use simultaneous multithreading (SMT).

The security vulnerability is tracked as CVE-2021-46778 and has a medium severity rating.

Simultaneous multithreading is what a processor uses to split each of its physical cores into virtual cores.

Multithreading increases performance since each physical processor core can run two instruction streams at once.

AMD confirmed that its implementation of SMT is vulnerable to the Schedular Queue Usage via Interference Probing (SQUIP) side-channel attack.

One of the researchers who discovered the SQUIP attack, Daniel Gruss, told The Register that an attack could determine an RSA-4096 key in roughly 38 minutes.

He said the technique assumes the attacker and target are co-located on different SMT threads of the same physical core but from different security domains.

Therefore, the attack is most relevant to cloud users on shared hardware.

“By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information,” AMD said.

To mitigate the vulnerability, AMD recommends that software developers “employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate.”

The processors affected are as follows:

  • AMD Ryzen 2000 series Desktop processors
  • AMD Ryzen 3000 Series Desktop processors
  • AMD Ryzen 5000 Series Desktop processors
  • AMD Ryzen 4000 Series Desktop processors with Radeon graphics
  • AMD Ryzen 5000 Series Desktop processors with Radeon graphics
  • 2nd Gen AMD Ryzen Threadripper processors
  • 3rd Gen AMD Ryzen Threadripper processors
  • AMD Ryzen Threadripper PRO processors
  • AMD Athlon 3000 Series Mobile processors with Radeon graphics
  • AMD Ryzen 2000 Series Mobile processors
  • AMD Ryzen 3000 Series Mobile processors, 2nd Gen AMD Ryzen Mobile processors with Radeon graphics
  • AMD Ryzen 3000 Series Mobile processors with Radeon graphics
  • AMD Ryzen 4000 Series Mobile processors with Radeon graphics
  • AMD Ryzen 5000 Series Mobile processors with Radeon graphics
  • AMD Athlon 3000 Series Mobile processors with Radeon graphics
  • AMD Athlon Mobile processors with Radeon graphics
  • AMD Ryzen 3000 Series Mobile processors with Radeon graphics
  • 1st Gen AMD EPYC processors
  • 2nd Gen AMD EPYC processors
  • 3rd Gen AMD EPYC processors

Now read: Cisco hacked through employee’s compromised Google account

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter