Researchers at ETH Zürich have discovered yet another security flaw, and notably, they state that it impacts all modern Intel CPUs and causes them to leak sensitive data from memory. This finding reinforces the notion that the vulnerability known as Spectre continues to haunt computer systems after more than seven years.
The vulnerability, referred to as Branch Privilege Injection (BPI), allows attackers to misuse the CPU’s (central processing unit’s) prediction calculations in order to gain unauthorized access to information from other processor users, according to ETH Zürich.
Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the study’s authors, emphasized that the shortcoming affects all Intel processors. As a result, bad actors could potentially read the contents of the processor’s cache and the working memory of another user on the same CPU.
The attack leverages a technique called Branch Predictor Race Conditions (BPRC), which arises when a processor switches between prediction calculations for two users with different permissions. Consequently, this opens the door to a scenario in which an unprivileged attacker exploits the switch to bypass security barriers and access confidential information from a privileged process.
Intel has already issued microcode patches to address the vulnerability, which carries the CVE identifier CVE-2024-45332 (CVSS v4 score: 5.7).
In an advisory released on May 13, Intel explained that shared microarchitectural predictor states — which influence transient execution in indirect branch predictors on some Intel processors — may allow an authenticated user to gain access to sensitive information through local access.
Meanwhile, researchers from the Systems and Network Security Group (VUSec) at Vrije Universiteit, Amsterdam have detailed a new category of self-training Spectre v2 attacks, codenamed Training Solo.
They noted that attackers can speculatively hijack control flow within the same domain (e.g., the kernel) and leak secrets across privilege boundaries. Therefore, this re-enables classic Spectre v2 scenarios without relying on powerful sandboxed environments like eBPF.
The hardware exploits, tracked as CVE-2024-28956 and CVE-2025-24495, can be used against Intel CPUs to leak kernel memory at rates of up to 17 Kb/s. Furthermore, the study found that these exploits could completely break domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks.
- CVE-2024-28956 (CVSS v4 score: 5.7) – Indirect Target Selection (ITS), which affects Intel Core 9th–11th Gen and Intel Xeon 2nd–3rd Gen processors, among others.
- CVE-2025-24495 (CVSS v4 score: 6.8) – Lion Cove BPU issue, which impacts Intel CPUs using the Lion Cove core.
While Intel has delivered microcode updates to patch these defects, AMD, in response, has updated its existing guidance on Spectre and Meltdown. Specifically, the company now highlights the risk associated with using the classic Berkeley Packet Filter (cBPF).
Source: TheHackerNews