Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

AMD Processors Expose Sensitive Data to New ‘SQUIP’ Attack

A group of academic researchers on Tuesday published a paper describing the first side-channel attack targeting the scheduler queues of modern processors.

A group of academic researchers on Tuesday published a paper describing the first side-channel attack targeting the scheduler queues of modern processors.

Over the past years, researchers have demonstrated several CPU side-channel attacks that could allow attackers to obtain potentially sensitive information from memory. Some of these attacks rely on measuring contention, which is the conflict between multiple threads trying to use the same resource.

Superscalar processors rely on scheduler queues to decide the schedule of the instructions being executed. Intel CPUs have a single scheduler queue, but chips made by Apple and AMD have separate queues for each execution unit.

AMD processors also implement simultaneous multithreading (SMT), where a CPU core is split into multiple logical cores or hardware threads that execute independent instruction streams.

Researchers from the Graz University of Technology, the Georgia Institute of Technology, and the Lamarr Security Research non-profit research center discovered that an attacker on the same hardware core as the victim but in a different SMT thread can measure scheduler contention to obtain sensitive data. The attack method has been dubbed SQUIP (Scheduler Queue Usage via Interference Probing).

“An attacker running on the same host and CPU core as you could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs.” Daniel Gruss, one of the Graz University of Technology researchers involved in the SQUIP project, explained in simple terms.

While Apple also uses separate scheduler queues for its M1 processors — and likely also M2 — it has yet to introduce SMT, which means its current processors are not impacted. However, if future Apple CPUs start using SMT, they could also be vulnerable to SQUIP attacks.

The researchers demonstrated the practicality of the attack by creating a covert channel that they used to exfiltrate data from a co-located virtual machine and a co-located process. Their experiments showed that an attacker can recover a full RSA-4096 encryption key.

Advertisement. Scroll to continue reading.

The researchers have proposed some hardware countermeasures that can be implemented in future CPUs, including the use of a single scheduler design, making schedulers symmetric, or isolating hardware threads more strictly in the scheduler queues. There are also some software mitigations that can be implemented by applications or the operating system.

AMD was informed about the issue in December 2021 and assigned it the CVE identifier CVE-2021-46778 and a severity rating of ‘medium’. The chip giant published an advisory on Tuesday, informing customers that Zen 1, Zen 2 and Zen 3 microarchitectures are impacted.

The list of affected products includes Ryzen, Athlon and EPYC processors for desktops, workstations, mobile devices, Chromebooks, and servers.

While Intel and Apple products are currently not impacted, they have been notified as well.

Related: Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

Related: New ‘Hertzbleed’ Remote Side-Channel Attack Affects Intel, AMD Processors

Related: Researchers Disclose Two New Attacks Against AMD CPUs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.