Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors


Bulletin ID: AMD-SB-1039
Potential Impact: Information Disclosure
Severity: Medium

Summary

CVE-2021-46778
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information.

Affected Products

Desktop
  • AMD Ryzen™ 2000 Series Desktop processors
  • AMD Ryzen™ 3000 Series Desktop processors
  • AMD Ryzen™ 5000 Series Desktop processors
  • AMD Ryzen™ 4000 Series Desktop processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Desktop processors with Radeon™ graphics
High-End Desktop (HEDT)
  • 2nd Gen AMD Ryzen™ Threadripper™ processors
  • 3rd Gen AMD Ryzen™ Threadripper™ processors
Workstation
  • AMD Ryzen™ Threadripper™ PRO processors
Mobile
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 2000 Series Mobile processors
  • AMD Ryzen™ 3000 Series Mobile processors, 2nd Gen AMD Ryzen™ Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 3000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 4000 Series Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 5000 Series Mobile processors with Radeon™ graphics
Chromebook
  • AMD Athlon™ 3000 Series Mobile processors with Radeon™ graphics
  • AMD Athlon™ Mobile processors with Radeon™ graphics
  • AMD Ryzen™ 3000 Series Mobile processors with Radeon™ graphics
Server
  • 1st Gen AMD EPYC™ processors
  • 2nd Gen AMD EPYC™ processors
  • 3rd Gen AMD EPYC™ processors 

Mitigation

AMD recommends software developers employ existing best practices [1, 2], including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability.

Acknowledgement

AMD thanks the following for reporting these issues and engaging in coordinated vulnerability disclosure:
CVE-2021-46778:
  • Stefan Gast, Daniel Gruss, Jonas Juffinger and Martin Schwarzl of Lamarr Security Research/Graz University of Technology
  • Simone Franza, Andreas Kogler and Markus Kostl of Graz University of Technology
  • Gururaj Saileshwar of Georgia Institute of Technology

References

  1. BearSSL - Constant-Time Crypto
  2. A beginner's guide to constant-time cryptography

Revisions

Revision Date    Description
08-09-2022       Initial publication

Source:
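
The secret-dependent control flow that the bulletin's mitigation advice refers to, shown beside a branch-free form, as an added example that is not part of the bulletin or the original post. The function names and the 32-bit toy modular exponentiation are assumptions chosen for illustration, and `mod` must be non-zero.

```c
#include <stdint.h>

/* Constructed toy parameters: 32-bit operands keep every product in uint64_t. */

/* BEFORE: square-and-multiply with a secret-dependent branch. The multiply
 * is issued only when the exponent bit is 1, so the work sent to the
 * execution units differs from bit to bit of the secret exponent. */
uint32_t modexp_branchy(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t r = 1 % mod, b = base % mod;
    for (int i = 31; i >= 0; i--) {
        r = (r * r) % mod;
        if ((exp >> i) & 1)            /* control flow depends on the secret */
            r = (r * b) % mod;
    }
    return (uint32_t)r;
}

/* Branch-free select: mask is all ones when bit == 1, all zeros when bit == 0. */
static uint64_t ct_select(uint64_t bit, uint64_t a, uint64_t b)
{
    uint64_t mask = (uint64_t)0 - bit;
    return (a & mask) | (b & ~mask);
}

/* AFTER: at source level every iteration performs the same square, multiply
 * and select; the product is kept or dropped with a mask, not a branch. */
uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t mod)
{
    uint64_t r = 1 % mod, b = base % mod;
    for (int i = 31; i >= 0; i--) {
        r = (r * r) % mod;
        uint64_t t = (r * b) % mod;    /* always computed */
        r = ct_select((exp >> i) & 1, t, r);
    }
    return (uint32_t)r;
}
```

A compiler may turn the mask back into a branch, and `%` is not guaranteed to take operand-independent time on every CPU, so inspect the generated code and use a vetted constant-time library for real keys.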
 
Oh there's a surprise, the same bunch who dug up the Intel Exploit, obviously working overtime to make a name for themselves. :rolleyes:
 
