Newly Discovered Vulnerabilities in Intel CPUs Facilitate Memory Leaks and Exploitations of Spectre Version 2


Researchers at ETH Zürich have identified a security vulnerability that, by their account, affects all modern Intel CPUs. It lets an attacker read sensitive data from memory that should be inaccessible to them, and it shows that the Spectre class of attacks, first disclosed in January 2018, still produces practical exploits more than seven years later.

The new flaw is named Branch Privilege Injection (BPI). It is exploited by manipulating the CPU's branch predictor so that predictions trained by one user (or privilege level) steer the speculative execution of another, yielding unauthorized access to that other user's data on the same core. Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the study's authors, said the issue affects all Intel processors and can let an attacker read the contents of the processor's cache and the working memory of another user of the same CPU.

The attack relies on what the researchers call Branch Predictor Race Conditions (BPRC). Branch predictor updates are not synchronized with the instructions that cause them: when the CPU switches privilege level (for example, from a user process into the kernel) while a predictor update is still in flight, the update can be tagged with the wrong privilege level. Predictor state created by unprivileged code then influences privileged code, which lets an unprivileged local adversary bypass the hardware isolation that is supposed to keep predictor state of different privilege levels apart and leak information protected by the higher level.

The vulnerability is tracked as CVE-2024-45332, with a CVSS v4 score of 5.7, and Intel has released microcode updates to address it. In an advisory published on May 13, Intel described the issue as exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors, which may allow an authenticated user to enable information disclosure via local access.

Separately, the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam has disclosed a new class of Spectre v2 attacks, which it calls Training Solo. Instead of training the predictor from a separate, less privileged domain, these attacks are self-training: the victim domain (for example, the kernel) is made to train its own predictor entries, so control flow is hijacked speculatively within the same domain and secrets leak across the privilege boundary. Notably, this does not require a powerful in-kernel sandbox such as eBPF to supply the training code.

Two hardware issues enable these attacks: CVE-2024-28956 (Indirect Target Selection, ITS) and CVE-2025-24495, a branch predictor issue in Intel's newer Lion Cove core. The researchers' exploits leak kernel memory at up to 17 Kb/s. More importantly, the work shows that the domain isolation on which Spectre v2 mitigations rely can be broken entirely, re-enabling classic user-to-kernel and guest-to-host Spectre v2 attacks.

Intel has released microcode updates for these issues as well. AMD, in turn, has updated its Spectre and Meltdown guidance to call out the risk of classic Berkeley Packet Filter (cBPF): because cBPF programs can be loaded into the kernel by unprivileged users, they offer a way to train the predictor from inside the kernel domain.

Organizations running Intel CPUs should apply the available updates promptly: the microcode fixes (delivered through firmware/BIOS updates or loaded by the operating system at boot) and the operating system updates that carry the software mitigations, and then verify on each host that the mitigations are actually reported as active rather than assuming that a package update was enough.
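The verification step above, as an added example (this is not code from the ETH Zürich or VUSec researchers, nor from Intel): a small POSIX sh audit of what a Linux host reports for these issues. It assumes the kernel exposes `/sys/devices/system/cpu/vulnerabilities/` with a `spectre_v2` entry and, on kernels that include the ITS fix, an `indirect_target_selection` entry for CVE-2024-28956; it further assumes that the BPI fix (CVE-2024-45332) ships only as microcode with no sysfs entry of its own, so the loaded microcode revision from `/proc/cpuinfo` is compared against a required revision the operator takes from the vendor's release notes. The `REQUIRED_UCODE` and `AUDIT_LIVE` variables are this example's own conventions.

```shell
#!/bin/sh
# Added example, not code from the research groups or from Intel.
# Assumptions: sysfs vulnerability entries "spectre_v2" and
# "indirect_target_selection" (the latter only on kernels carrying the ITS fix);
# the BPI fix is microcode-only, so the loaded revision is compared against a
# required revision supplied by the operator (REQUIRED_UCODE, hex).

# Report one vulnerability entry. Exit status: 0 = "Not affected" or a
# "Mitigation: ..." line, 1 = the kernel says "Vulnerable", 2 = no such entry
# (the kernel predates the fix and cannot report on it at all).
vuln_status() {
    # $1 = vulnerabilities directory, $2 = entry name
    f="$1/$2"
    if [ ! -r "$f" ]; then
        echo "$2: no entry (kernel does not know about this issue)"
        return 2
    fi
    s=$(cat "$f")
    echo "$2: $s"
    case "$s" in
        Vulnerable*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Loaded microcode revision as the kernel prints it ("0x..."), first CPU only.
microcode_rev() {
    # $1 = path to a cpuinfo-style file
    awk -F': ' '/^microcode/ { print $2; exit }' "$1"
}

# Succeeds if the loaded revision ($1) is at least the required one ($2).
# Both are hex strings; shell arithmetic handles the 0x prefix.
microcode_at_least() {
    [ "$(( $1 ))" -ge "$(( $2 ))" ]
}

# Audit a vulnerabilities directory and a cpuinfo file against a required
# microcode revision. Exit status is the worst finding: 0 ok, 1 vulnerable,
# 2 unknown (entry missing or no microcode revision reported).
audit() {
    # $1 = vulnerabilities dir, $2 = cpuinfo file, $3 = required revision (hex)
    worst=0
    for e in spectre_v2 indirect_target_selection; do
        vuln_status "$1" "$e"; rc=$?
        [ "$rc" -gt "$worst" ] && worst=$rc
    done
    rev=$(microcode_rev "$2")
    if [ -z "$rev" ]; then
        echo "microcode: revision not reported"
        [ "$worst" -lt 2 ] && worst=2
    elif microcode_at_least "$rev" "$3"; then
        echo "microcode: $rev (at least required $3)"
    else
        echo "microcode: $rev (older than required $3)"
        [ "$worst" -lt 1 ] && worst=1
    fi
    return "$worst"
}

# Stand-alone use on a Linux host: AUDIT_LIVE=1 REQUIRED_UCODE=0x... ./audit.sh
# The default required revision 0x0 makes the microcode check pass trivially;
# replace it with the fixed revision from Intel's microcode release notes.
if [ -d /sys/devices/system/cpu/vulnerabilities ] && [ "${AUDIT_LIVE:-0}" = 1 ]; then
    audit /sys/devices/system/cpu/vulnerabilities /proc/cpuinfo "${REQUIRED_UCODE:-0x0}"
fi
```

A "Vulnerable" line for `indirect_target_selection` on a host whose packages are current usually means the new microcode was installed on disk but not loaded (no reboot, or firmware that does not accept the OS-loaded update); a missing entry means the kernel itself predates the fix. Neither condition is visible from package versions alone, which is why the check reads the kernel's own report.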