Squip – an attack on AMD processors, leading to data leakage by third -party channels

A group of researchers from the Graz Technical University (Austria), previously known for the development of the MDS, Netspectre, Throwhammer and Zombieload, opened Information about the new method of attacking third-party channels (CVE-2021-46778) in line of the AMD processor planner, used to plan instructions in different CPU executive blocks. The attack, called Squip, allows you to determine the data used during calculations in another process or virtual machine or organize a hidden communication channel between processes or virtual machines, which allows you to exchange data bypassing the systemic mechanisms of access.

The problem is subject to CPU AMD based on the zen microarchitectures of the first, second and third generations (AMD Ryzen 2000-5000, AMD Ryzen Threadripper, AMD Athlon 3000, AMD Epyc) when using simultaneous multi-seating technology (SMT). Intel processors are not susceptible to attack, since they use one turn of the planner, while in vulnerable AMD processors, separate queues are used for each executive block. As a workaround for blocking information leakage, AMD recommended the developers use , mathematical calculations in which are always performed in a constant time, regardless of the nature of the processed data, as well as avoid branching based on secret data.

The attack is based on the assessment of the level of conflict (Contence Level) in different lines of the planner and is carried out through the measurement of delays when starting verification operations performed in another SMT stream on the same physical CPU. To analyze the contents, the method is used prime+probe , which implies the filling of the line with a reference set of values ​​and determining changes through the measurement of access time during the second filling.

During the experiment, the researchers managed to completely recreate the closed 4096-bit RSA-key, used to create digital signatures using the MBEDTLS 3.0 cryptographic library, in which the Montgomery algorithm is used to erect a module. To determine the key, it was required to perform 50,500 tracer. The total time of the attack took 38 minutes. The attack options are demonstrated, providing a leak between different processes and virtual machines controlled by the KVM hypervisor. It is also shown that the method can be used to organize a hidden data transfer between virtual machines at a speed of 0.89 Mbit/S and between processes at a speed of 2.70 Mbit/S at errors level of less than 0.8%.

/Media reports.