Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years.
The vulnerability, referred to as Branch Privilege Injection (BPI), “can be exploited to misuse the prediction calculations of the CPU (central processing unit) in order to gain unauthorized access to information from other processor users,” ETH Zurich said.
Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the authors of the study, said the shortcoming affects all Intel processors, potentially enabling bad actors to read the contents of the processor’s cache and the working memory of another user of the same CPU.
The attack leverages what’s called Branch Predictor Race Conditions (BPRC) that emerge when a processor switches between prediction calculations for two users with different permissions, opening the door to a scenario where an unprivileged hacker could exploit it to bypass security barriers and access confidential information from a privileged process.
Intel has issued microcode patches to address the vulnerability, which has been assigned the CVE identifier CVE-2024-45332 (CVSS v4 score: 5.7).
“Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access,” Intel said in an advisory released on May 13.
The disclosure comes as researchers from the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam detailed a category of self-training Spectre v2 attacks codenamed Training Solo.
“Attackers can speculatively hijack control flow within the same domain (e.g., kernel) and leak secrets across privilege boundaries, re-enabling classic Spectre v2 scenarios without relying on powerful sandboxed environments like eBPF,” VUSec said.
The hardware exploits, tracked as CVE-2024-28956 and CVE-2025-24495, can be used against Intel CPUs to leak kernel memory at up to 17 Kb/s, with the study finding that they could “completely break the domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks.”
- CVE-2024-28956 – Indirect Target Selection (ITS), which affects Intel Core 9th-11th, and Intel Xeon 2nd-3rd, among others.
- CVE-2025-24495 – Lion Cove BPU issue, which affects Intel CPUs with Lion Cove core.
While Intel has shipped microcode updates for these defects, AMD said it has revised its existing guidance on Spectre and Meltdown to explicitly highlight the risk from the use of classic Berkeley Packet Filter (cBPF).
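To check whether a Linux host reports the Spectre v2 and ITS mitigations as active, the following added example (not from the researchers, Intel, or AMD) reads the kernel's per-bug status files. It assumes the standard sysfs directory and that the `indirect_target_selection` entry is present only on kernels that carry the ITS patches; the function names are hypothetical.

```python
from pathlib import Path

# Standard Linux location for per-bug mitigation status (assumption: Linux host).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Entries tied to the article: classic Spectre v2 and Indirect Target
# Selection (CVE-2024-28956). Other bugs are out of scope for this check.
WATCHED = ("spectre_v2", "indirect_target_selection")


def classify(status: str) -> str:
    """Map one sysfs status line to ok / mitigated / partial / vulnerable / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s.startswith("Mitigation"):
        # A mitigated line can still list a sub-component as vulnerable,
        # e.g. "...; BHI: Vulnerable". Surface that instead of hiding it.
        return "partial" if "vulnerable" in s.lower() else "mitigated"
    return "unknown"


def audit(directory: Path = SYSFS_DIR) -> dict:
    """Return {entry: (state, raw_text)} for every watched entry."""
    report = {}
    for name in WATCHED:
        try:
            raw = (directory / name).read_text().strip()
        except OSError:
            # A missing file means the kernel predates the fix and cannot
            # report on the bug; it is not evidence that the CPU is safe.
            report[name] = ("missing", "")
            continue
        report[name] = (classify(raw), raw)
    return report


def needs_attention(report: dict) -> list:
    """Entries that are neither unaffected nor fully mitigated."""
    return sorted(n for n, (state, _) in report.items()
                  if state not in ("ok", "mitigated"))


if __name__ == "__main__":
    result = audit()
    for entry, (state, raw) in result.items():
        print(f"{entry}: {state} ({raw or 'no sysfs entry'})")
    print("needs attention:", needs_attention(result) or "none")
```

A `missing` result for `indirect_target_selection` usually points to a kernel update being needed alongside the microcode update.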