Announcement

Collapse
No announcement yet.

AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

Collapse
X
Collapse
 
  • Page of 6
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 6 template Next
  • #1

    AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

    Phoronix: AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

    In addition to Intel's busy Patch Tuesay, AMD today made public CVE-2021-46778 that university researchers have dubbed the "SQUIP" attack as a side channel vulnerability affecting the execution unit scheduler across Zen 1/2/3 processors...

    AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler - Phoronix
    https://www.phoronix.com/news/AMD-Side-Channel-SQUIP
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 1
  • #2
    I guess the only mitigation to this would be to turn off SMT entirely, which would especially impact popular chips like the Ryzen 3300X & Steam Deck's Van Gogh APU, since it would then leave them with just 4 cores & threads, which is already too low for some newer games.

    Presumably that's why AMD doesn't want to take that route, similar to Intel.
    • Likes 8

    Comment

    • #3
      Michael

      AMD isn't releasing any mew kernel mitigations or microcode workarounds for this "SQUIP" vulnerability but their guidance simply notes:
      Of course they aren't. You don't mitigate a cat.
      • Likes 15

      Comment

      • #4
        Originally posted by Linuxxx View Post
        I guess the only mitigation to this would be to turn off SMT entirely, which would especially impact popular chips like the Ryzen 3300X & Steam Deck's Van Gogh APU, since it would then leave them with just 4 cores & threads, which is already too low for some newer games.

        Presumably that's why AMD doesn't want to take that route, similar to Intel.
        I like how their suggestion is basically write better code.
        • Likes 15

        Comment

        • #5
          skeevy420

          My man, good to see you are back!

          Was getting worried since you had been MIA for some time now.

          I take it Stray has led you astray?

          Comment

          • #6
            I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

            It is not just Intel. It happens to all of them.
            • Likes 10

            Comment

            • #7
              I guess its "SQUIP" Game
              • Likes 5

              Comment

              • #8
                Originally posted by Raka555 View Post
                I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

                It is not just Intel. It happens to all of them.
                Yeah except this requires an oddly specific circumstance to exploit and can be fixed using proper software development. It isn't clear to me whether physical access is needed or not for SQUIP, which so far has been the case for most of AMD's exploits. If physical access isn't required then this vulnerability is a bit more serious, but considering AMD has no intention on patching it, I assume the exploit must not be threatening enough.
                • Likes 12

                Comment

                • #9
                  Originally posted by Raka555 View Post
                  I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.

                  It is not just Intel. It happens to all of them.
                  Nice try fanboy. It matters how many and how impactful vulnerabilities there were. AMD wins so far.
                  • Likes 14

                  Comment

                  • #10
                    This is yet another reminder to use mitigations=auto,nosmt if you run any untrusted code.
                    • Likes 6

                    Comment

                    Previous 1 2 3 4 6 template Next
                    Working...
                    X