Researchers at ETH Zürich have identified a new vulnerability affecting modern Intel CPUs called Branch Privilege Injection (BPI). This flaw allows unauthorized users to access sensitive data from memory due to defects in the CPU's prediction calculations, specifically during transitions between different usersâ permissions. This vulnerability, designated CVE-2024-45332, affects all Intel processors. Furthermore, Intel has issued microcode patches to mitigate risks. The vulnerability showcases the persistent challenges posed by Spectre, now more than seven years since its discovery, as new attack methods continue to emerge.
Researchers at ETH Zürich discovered a new Intel CPU vulnerability, Branch Privilege Injection, allowing unauthorized memory data access and highlighting ongoing Spectre challenges.
Kaveh Razavi noted that all Intel processors are affected, allowing unauthorized users to read memory and cache data using Branch Predictor Race Conditions.
Intel has released microcode patches for CVE-2024-45332, emphasizing the risk of sensitive information exposure due to shared microarchitectural predictor states.
New research details a category of Spectre v2 attacks named Training Solo, where attackers can secretly leak information by accessing privileged processes.
Collection
[
|
...
]