Researchers at ETH Zürich have uncovered a new security flaw affecting all modern Intel CPUs, leading to the leakage of sensitive data from memory. This vulnerability, known as Branch Privilege Injection (BPI), exploits the CPU’s prediction calculations to gain unauthorized access to information from other processor users, as reported by ETH Zurich.
Kaveh Razavi, head of the Computer Security Group (COMSEC) at ETH Zurich, warned that this flaw impacts all Intel processors, potentially allowing malicious actors to access confidential data from another user’s cache and working memory.
The attack relies on Branch Predictor Race Conditions (BPRC) to manipulate the CPU’s prediction calculations between different users with varying permissions, enabling unauthorized access to privileged information.
Intel has released microcode patches to mitigate this vulnerability, identified as CVE-2024-45332 (CVSS v4 score: 5.7).
Meanwhile, a separate study by the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam unveiled a new category of hardware exploits, named Training Solo, targeting Intel CPUs to leak kernel memory at high speeds and bypass domain isolation, reintroducing classic Spectre v2 attack scenarios.
- CVE-2024-28956 – Indirect Target Selection (ITS), affecting Intel Core 9th-11th and Intel Xeon 2nd-3rd processors.
- CVE-2025-24495 – Lion Cove BPU issue, impacting Intel CPUs with Lion Cove core.
Although Intel has issued fixes for these vulnerabilities, AMD has revised its guidance on Spectre and Meltdown to address risks associated with classic Berkeley Packet Filter (cBPF) usage.
