A new vulnerability threatens all AMD Zen CPUs

Modern processors use techniques to maximize performance which, unfortunately, can lead to security problems. Surely, many of you will remember Meltdown and Specter, side-channel exploits that could affect most of the systems in circulation that exploit techniques of "speculative execution" and "branch prediction" to increase performance. A few years ago, their discovery caused a certain sensation, given that it was a problem at the hardware level and therefore not completely eliminable, but mitigated through updates both of the firmware and of the operating system used. More recently, however, we have given you Retbleed, a flaw that uses branch target injection to intercept information on modern processors.



Photo Credit: AMD AMD CPUs exploit, in many cases , Simultaneous Multi-Threading (SMT) technology to execute more than one thread per core, which is apparently vulnerable to the side-channel SQUIP attack, which would allow a 4,096-bit RSA key to be revealed fairly quickly. The vulnerability is present in all the current processors of the Sunnyvale company based on the Zen, Zen 2 and Zen 3 architectures. As explained by Daniel Gruss, researcher at Graz University of Technology, to The Register:

An attacker running on the same host and CPU core could spy on what types of instructions are executed due to the split design - AMD CPU scheduler. M1 (and probably M2 too) follows the same design, but is not yet interested as Apple has not yet introduced SMT into its CPUs.| ); }