{"id":456183,"date":"2022-08-11T13:22:43","date_gmt":"2022-08-11T11:22:43","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=456183"},"modified":"2022-08-11T13:23:47","modified_gmt":"2022-08-11T11:23:47","slug":"amd-zen-chips-vulnerable-to-multi-threading-attack","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/456183-amd-zen-chips-vulnerable-to-multi-threading-attack.html","title":{"rendered":"AMD Zen chips vulnerable to multi-threading attack"},"content":{"rendered":"<p>AMD has <strong><a href=\"https:\/\/www.amd.com\/en\/corporate\/product-security\/bulletin\/amd-sb-1039\" target=\"_blank\" rel=\"noopener\">disclosed<\/a><\/strong> an execution unit scheduler contention side-channel vulnerability affecting Zen 1, Zen 2, and Zen 3 processors that use simultaneous multithreading (SMT).<\/p>\n<p>The security vulnerability is tracked as CVE-2021-46778 and has a medium severity rating.<\/p>\n<p><strong><a href=\"https:\/\/www.tomshardware.com\/reviews\/simultaneous-multithreading-definition,5762.html\" target=\"_blank\" rel=\"noopener\">Simultaneous multithreading<\/a><\/strong> is what a processor uses to split each of its physical cores into virtual cores.<\/p>\n<p>Multithreading increases performance since each physical processor core can run two instruction streams at once.<\/p>\n<p>AMD confirmed that its implementation of SMT is vulnerable to the Schedular Queue Usage via Interference Probing (SQUIP) side-channel attack.<\/p>\n<p>One of the researchers who discovered the SQUIP attack, Daniel Gruss, told <strong><a href=\"https:\/\/www.theregister.com\/2022\/08\/09\/intel_sunny_cove\/\" target=\"_blank\" rel=\"noopener\">The Register<\/a><\/strong> that an attack could determine an RSA-4096 key in roughly 38 minutes.<\/p>\n<p>He said the technique assumes the attacker and target are co-located on different SMT threads of the same physical core but from different security domains.<\/p>\n<p>Therefore, the attack is most relevant to cloud users on shared hardware.<\/p>\n<p>\u201cBy measuring the contention level on scheduler queues an attacker may potentially leak sensitive information,\u201d AMD said.<\/p>\n<p>To mitigate the vulnerability, AMD recommends that software developers \u201cemploy existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate.\u201d<\/p>\n<p>The processors affected are as follows:<\/p>\n<ul>\n<li>AMD Ryzen 2000 series Desktop processors<\/li>\n<li>AMD Ryzen 3000 Series Desktop processors<\/li>\n<li>AMD Ryzen 5000 Series Desktop processors<\/li>\n<li>AMD Ryzen 4000 Series Desktop processors with Radeon graphics<\/li>\n<li>AMD Ryzen 5000 Series Desktop processors with Radeon graphics<\/li>\n<li>2nd Gen AMD Ryzen Threadripper processors<\/li>\n<li>3rd Gen AMD Ryzen Threadripper processors<\/li>\n<li>AMD Ryzen Threadripper PRO processors<\/li>\n<li>AMD Athlon 3000 Series Mobile processors with Radeon graphics<\/li>\n<li>AMD Ryzen 2000 Series Mobile processors<\/li>\n<li>AMD Ryzen 3000 Series Mobile processors, 2nd Gen AMD Ryzen Mobile processors with Radeon graphics<\/li>\n<li>AMD Ryzen 3000 Series Mobile processors with Radeon graphics<\/li>\n<li>AMD Ryzen 4000 Series Mobile processors with Radeon graphics<\/li>\n<li>AMD Ryzen 5000 Series Mobile processors with Radeon graphics<\/li>\n<li>AMD Athlon 3000 Series Mobile processors with Radeon graphics<\/li>\n<li>AMD Athlon Mobile processors with Radeon graphics<\/li>\n<li>AMD Ryzen 3000 Series Mobile processors with Radeon graphics<\/li>\n<li>1st Gen AMD EPYC processors<\/li>\n<li>2nd Gen AMD EPYC processors<\/li>\n<li>3rd Gen AMD EPYC processors<\/li>\n<\/ul>\n<hr \/>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/security\/456109-cisco-hacked-through-employees-compromised-google-account.html\">Cisco hacked through employee\u2019s compromised Google account<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>AMD has disclosed a security vulnerability that affects Zen 1, Zen 2, and Zen 3-based processors.<\/p>\n","protected":false},"author":341094,"featured_media":456187,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[577,73476,80541,80539],"class_list":["post-456183","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-amd","tag-amd-ryzen-processors","tag-schedular-queue-usage-via-interference-probing-squip","tag-simultaneous-multi-threading-smt"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/456183"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341094"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=456183"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/456183\/revisions"}],"predecessor-version":[{"id":456205,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/456183\/revisions\/456205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/456187"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=456183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=456183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=456183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}