Almost all AMD Ryzen chips are vulnerable to side channel SQUIP attacks, and Intel and Apple M1 / M2 chips are not affected. 02/28 Update SLTechnology News&Howtos

Almost all AMD Ryzen chips are vulnerable to side channel SQUIP attacks, and Intel and Apple M1 / M2 chips are not affected.

2025-02-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Shulou(Shulou.com)11/24 Report--

CTOnews.com, August 12 (Xinhua)-- Security research has uncovered a new CPU vulnerability, "SQUIP", which stands for Scheduler Queue Usage via Interference Probing. Ryzen chips based on AMD Zen architecture are easily affected by this new security vulnerability.

The vulnerability is related to multiple scheduler queues in CPU. Unlike AMD, Intel uses a single scheduler in its architecture, which means it is not affected by SQUIP.

On the AMD side, SKU with synchronous multithreading (SMT) technology is affected, which includes almost all AMD processor SKU, except for a few models (with a list below). The problem is tracked under ID "CVE-2021-46778".

The following is a summary and mitigation measures provided by AMD:

Generalization

Execution unit scheduler contention may result in side channel vulnerabilities found in AMD CPU microarchitectures using simultaneous multithreading (SMT) codenamed "Zen 1", "Zen 2" and "Zen 3". By measuring the contention level of the scheduler queue, an attacker may disclose sensitive information.

Remission

AMD recommends that software developers adopt existing best practices, including constant-time algorithms, and, where appropriate, avoid relying on secret control flows to help mitigate this potential vulnerability.

The following are AMD Ryzen SKU that are not affected by SQUIP vulnerabilities, from first-generation Zen 1 to Zen 3:

Ryzen 1000 (Zen 1)

Ryzen 3 1200

Ryzen 3 1300X

Ryzen 2000 (Zen 1 +)

Ryzen 3 2300X

Ryzen 3000 (Zen 2)

Ryzen 5 3500

Ryzen 5 3500X

Athlon 3000x4000 (Zen 2)

Athlon Gold 3150G/GE

Athlon Gold 4150G/GE

Except for the CPU listed above, all other Ryzen, Athlon, Threadripper, and EPYC processors are affected by SQUIP because they support SMT.

It is also important to note that initial reports claimed that Apple M1 CPU is also vulnerable to SQUIP vulnerabilities. Although M1 also uses a split scheduler, it should not be affected because Apple does not use SMT. The same may be true of M2 chips. However, if a future CPU, such as M3, is migrated to SMT with the same scheduler design, it will be vulnerable.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.