Full Report
Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection (BPI), "can be exploited to misuse the prediction
Analysis Summary
# Vulnerability: Intel CPU Flaws Enabling Memory Leaks (BPI and Spectre v2 Variants)
## CVE Details
- **CVE ID:** CVE-2024-45332 (Branch Privilege Injection - BPI)
- **CVSS Score:** 5.7 (Medium - based on Intel advisory context for CVE-2024-45332)
- **CWE:** Shared Microarchitectural Predictor State influencing transient execution.
*Note: The "Training Solo" attacks are associated with CVE-2024-28956 and CVE-2025-24495, but detailed severity is not universally provided for all three in the summary text.*
## Affected Systems
- **Products:** All modern Intel Processors.
- **Versions:** Affects various Intel CPUs, including specific details for Training Solo attacks:
- **CVE-2024-28956 (ITS):** Affects Intel Core 9th-11th, and Intel Xeon 2nd-3rd, among others.
- **CVE-2025-24495 (Lion Cove BPU issue):** Affects Intel CPUs with Lion Cove core.
- **Configurations:** Requires local access for exploitation of CVE-2024-45332 (BPI). Training Solo attacks aim to re-enable cross-privilege boundary leaks (user-user, guest-guest, guest-host).
## Vulnerability Description
Multiple vulnerabilities stem from microarchitectural side-channel weaknesses in modern Intel CPUs related to speculative execution and branch prediction:
1. **Branch Privilege Injection (BPI) - CVE-2024-45332:** This flaw exploits Branch Predictor Race Conditions (BPRC) that occur when the CPU switches between prediction calculations for users with different permissions. This can allow an unprivileged user to misuse CPU prediction calculations to gain unauthorized access to information from other processor users, specifically by reading cached data or working memory of other users.
2. **Training Solo Attacks (CVE-2024-28956 & CVE-2025-24495):** A category of self-training Spectre v2 attacks that allow attackers to "speculatively hijack control flow within the same domain (e.g., kernel)" and leak secrets across privilege boundaries, potentially circumventing existing mitigations for Spectre v2. These were shown to leak kernel memory at up to 17 Kb/s.
## Exploitation
- **Status:** The article suggests potential for exploitation based on research findings in a lab setting. CVE-2024-45332 states exploitation may allow an *authenticated user*.
- **Complexity:** Based on the nature of Spectre-derived attacks, complexity is likely **Medium to High**, though BPI description suggests misuse involving prediction calculations.
- **Attack Vector:** Primarily **Local** for side-channel attacks involving data leakage from shared resources.
## Impact
- **Confidentiality:** **High.** Allows unauthorized disclosure and reading of sensitive data, processor cache contents, and working memory of other users or privileged processes (e.g., kernel memory).
- **Integrity:** **Low/Indirect.** Primary impact is information disclosure, not direct state manipulation.
- **Availability:** **Low.** No direct impact on system availability is listed, though speculation mitigation overhead could indirectly affect performance.
## Remediation
### Patches
Intel has issued microcode patches for the disclosed defects.
- **CVE-2024-45332:** Addressed via microcode patches (See Intel SA-01247).
- **CVE-2024-28956 & CVE-2025-24495:** Addressed via microcode updates shipped by Intel. (Specific version numbers for patches are not detailed in the summary source.)
### Workarounds
No specific workarounds are detailed in the provided excerpt beyond the availability of patches. Applying the vendor-supplied microcode updates is the primary defense.
## Detection
- **Indicators of Compromise:** Potential observation of high-frequency, low-volume memory reads that are characteristic of side-channel leaks during periods of high CPU activity between different privileged states or users.
- **Detection Methods and Tools:** Detection relies heavily on monitoring for abnormal side-channel behavior or ensuring the application of vendor microcode/firmware updates designed to address BPRC or Spectre v2 specific mitigations.
## References
- Vendor Advisory: intel-sa-01247 (Referenced by Intel's statement regarding CVE-2024-45332)
- BPI Research: comsec ethz ch/research/microarch/branch-privilege-injection/ (Defanged)
- Training Solo Research: vusec net/projects/training-solo/ (Defanged)
- News Source: thehackernews com/2025/05/researchers-expose-new-intel-cpu-flaws html (Defanged)