Zen CPUs are vulnerable to a flaw that can allow evildoers to perform side-channel attacks and reveal 4096-bit RSA keys with ease.
The flaw, discovered by several cybersecurity researchers from the technological universities of Graz and Georgia , was described in a document entitled ” SQUIP: Exploiting the Scheduler Queue Contention Side Channel ” and subsequently confirmed by AMD itself .
One of the authors of the research put it this way:
An attacker running on the same host and CPU core could be spying on what types of instructions you are executing due to the split-scheduler design on AMD CPUs. Apple’s M1 (probably M2 too) follows the same design but hasn’t been influenced yet as they haven’t introduced SMT into their CPUs yet.
SMT is short for “concurrent multithreading,” a technique that improves the efficiency of hardware multithreaded superscalar CPUs by enabling multiple independent threads of execution, using the chip’s resources more efficiently. The flaw comes from the way the CPU operates: it is able to execute multiple lines of code on a single CPU core in order to increase its performance.
But this also allows potential threat actors to monitor these instructions , and install malware on the device, even though almost all malware can be neutralized with a software patch, so to mitigate the vulnerability SMT technology must be disabled and that means a big blow to the chip’s performance.
- New vulnerability in AMD Ryzen CPUs could seriously jeopardize performance (TechRadar)