The threat makes it easy to hackers to run side-channel attacks and reveal 4096-bit RSA keys. It was discovered by multiple cybersecurity researchers from technology universities in Graz, and Georgia, was described in a paper titled "SQUIP: Exploiting the Scheduler Queue Contention Side Channel," and later confirmed by AMD.
An attacker running on the same host and CPU core as you, could spy on which types of instructions you are executing due to the split-scheduler design on AMD CPUs," one of the authors explained.
Apple's M1 and M2 chips have the same design but are not affected but this is not something to brag about, Apple was too slow to introduce SMT in their CPUs.
For those not in the know, SMT is short for “simultaneous multithreading” - a technique that improves the efficiency of superscalar CPUs with hardware multithreading, allowing multiple independent threads of execution, using the chip’s resources more efficiently.
To mitigate the vulnerability, SMT technology needs to be disabled, and that means a significant blow to the chip’s performance.
Apparently, all Ryzen processors running Zen 1, Zen 2, and Zen 3 microarchitectures, are affected. AMD confirmed the problem and has dubbed it AMD-SB-1039: Execution unit Scheduler Contention Side-Channel Vulnerability on AMD Processors.
"AMD recommends software developers employ existing best practices including constant-time algorithms and avoiding secret-dependent control flows where appropriate to help mitigate this potential vulnerability," AMD's instructions state.