Every time we talk about a vulnerabilitywe know what we all fear is going to happen, a loss of performance. Either through the use of patches to mitigate it, or through processes to avoid it. So, with the new vulnerability called SQUIPwhat affects AMD Ryzenyou should disable the CMS (Simultaneous multi-threading) and thus directly “kill” the performance of our CPU and our PC.
Both Intel and AMD are exposed to a multitude of vulnerabilities, as they have already been experienced Spectrum, to melt or the recent ÆPIC. Given these, we can do no more than wait for solutions that combat them, since our Security is in play. Also, when it comes to countering them, we’re usually going to have a performance hit, although it’s usually not too big. Now, however, the impact may be much greater, as we would have to disable something as important as hyper threading from AMD, the technology that allows you to have multiple threads running on each core.
SQUIP vulnerability attacks AMD Zen processors with SMT
AMD released the report CVE-2021-46778, which explains the existence of a new vulnerability that affects the company’s processors. Under the name of SQUIPit consists of a vulnerability of side channelthereby compromising the 4096-bit RSA keys. According Daniel Grusscomputer science researcher at Graz University of Technology, it would affect processors amd and not Intel. Indeed, processors based on the architecture Zen have queue planning separated from several levelswhile Intel uses a single scheduler.
Interestingly, this design of AMD processors is also found in chips Apple M1. However, in the case of Apple’s SoC, there are no reports that it has been affected by this vulnerability. And it is that, Apple has not yet introduced the technology of hyper threading in their processors. This is where AMD is affected, as using SMT technology is where they are vulnerable to SQUIP and 4096-bit RSA keys can be discovered.
This happens because when using SMT, interference is introduced which allows the scheduler queue to be scanned and at this time the attacker can access it. Therefore, as quick and easy solutionresearchers believe that the best measure is to disable the SMT technology of the affected Zen processors. This means losing a huge amount of performance, as we only have wireless cores left.
Here we have the list of AMD processors affected
As can be seen, virtually all processors AMD Zen 1, Zen 2 Yes Zen 3 of the company are concerned. We thus have Ryzen 2000, Ryzen 3000 Yes Ryzen 5000 desktops and laptops, AMD Wire cutter second and third generation, Threadripper PRO and the first three generations of AMD EPYC. Also, to everyone’s surprise, AMD’s entry-level Athlon is also affected. These would be the AMD Athlon 3000 with Radeon graphics for Chromebooks and laptops.
Affecting most of the company’s processors, we could be considered to be in serious danger. AMD, for its part, in its report considered the SQUIP vulnerability as medium gravity and offered a solution. However, this was to recommend that software developers use existing best practices, in order to to mitigate this vulnerability.
Two days have passed and amd did not give a solution actual or offered mitigation for the SQUIP vulnerability. Therefore, the only alternative is the one proposed by the researchers, which is to disable the SMT of our AMD CPU. However, this involves a Performance loss that many of us can’t afford, so we’ll have to see if the case progresses or we have to make that tough decision.