Recently, security personnel discovered a vulnerability called “SQUIP”, which will threaten the security of AMD Zen series architecture processors, and may even affect Apple’s M1 series chips. Except for a few special models, basically these processors will be affected.
Each execution unit of AMD’s Zen-series architecture has a separate scheduler queue, as do Apple’s M1-series chips. It is understood that AMD processors using Simultaneous Multithreading Technology (SMT) are vulnerable to a SQUIP side-channel attack that leaks a 4096-bit RSA key. Daniel Gruss, a computer researcher at the Graz University of Technology, told the media:
Researchers working with AMD on the SQUIP vulnerability believe that the best course of action is to disable simultaneous multithreading on the affected Zen-series processors, although this will degrade the processor’s performance. The M2 series chips have not been affected for the time being, and Apple seems to have solved the problem with the new generation of chips.
AMD has now confirmed the existence of the issue, dubbed “AMD-SB-1039”, as a “moderate severity” threat. AMD recommends that software developers adopt best practices, in addition to recommending constant-time algorithms, and avoiding reliance on secret control flow where appropriate to help reduce the impact of this vulnerability.
Further reading: