AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler

Written by Michael Larabel in AMD on 9 August 2022 at 02:10 PM EDT. 54 Comments
AMD
In addition to Intel's busy Patch Tuesday, AMD today made public CVE-2021-46778 that university researchers have dubbed the "SQUIP" attack as a side channel vulnerability affecting the execution unit scheduler across Zen 1/2/3 processors.

Researchers discovered that execution unit scheduler contention could lead to a side channel vulnerability on AMD Zen 1, Zen 2, and Zen 3 processors -- across all Ryzen / Threadripper / EPYC generations to this point. This side-channel vulnerability exists only when SMT is active and relies on measuring the contention level of scheduler queues in order to leak sensitive information.

AMD isn't releasing any new kernel mitigations or microcode workarounds for this "SQUIP" vulnerability but their guidance simply notes:
AMD recommends software developers employ existing best practices, including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.

More details on this CVE-2021-46778 / SQUIP vulnerability via AMD.com.


The researchers from Lamarr Security Research, Graz University of Technology, and Georgia Institute of Technology have published their SQUIP whitepaper with more details on this new side-channel attack.
54 Comments
Related News
AMD 3rd Gen EPYC "Milan" Sees Some Performance Benefits To Ubuntu 24.04 LTS
AMD Prepares Linux For "Bus Lock Trap" Feature On Upcoming CPUs
AMD Enabling "Fast CPPC" For Even Greater Linux Performance & Power Efficiency On Some CPUs
GCC 14 Adds "GFX90C" For OpenMP Offloading To APUs With GFX9/Vega Graphics
New AMD Linux Patch Acknowledges More Zen 5 CPU Models
AMD Prepping Fixes & Enhancements For P-State CPUFreq Driver
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
AMD Enabling "Fast CPPC" For Even Greater Linux Performance & Power Efficiency On Some CPUs
Punting GPU Drivers From The Initramfs Due To Ever Increasing Firmware Bloat
Valve Publishes Steam Survey Numbers For April 2024