
Spectre Resurfaces: New Intel CPU Flaws Leak Sensitive Memory Data

Cybersecurity researchers at ETH Zürich have uncovered a new vulnerability in modern Intel processors that continues to underscore the persistent risks introduced by speculative execution flaws like Spectre.


Cybersecurity researchers at ETH Zürich have uncovered a new vulnerability in modern Intel processors that continues to underscore the persistent risks introduced by speculative execution flaws like Spectre, first disclosed in 2018. This latest discovery, named Branch Privilege Injection (BPI), affects all modern Intel CPUs and lets an unprivileged local attacker read sensitive data belonging to other users of the same system.

What Is Branch Privilege Injection (BPI)?

BPI exploits the CPU's branch predictor, a performance optimization that guesses which way a branch will go so the CPU can execute ahead of the result (speculative execution). Those guesses live in hardware prediction structures shared by every piece of code that runs on the core, user and kernel alike, and that shared state is what turns the optimization into a security liability.

The ETH Zürich researchers describe the root cause as Branch Predictor Race Conditions (BPRC): the predictor's updates are not synchronized with changes in privilege level, so when the CPU switches between an unprivileged attacker process and a privileged one (such as the kernel) at the right moment, a prediction trained by the attacker can be applied while the CPU executes privileged code. The result is a side channel through which protected memory contents can be exposed, even memory belonging to other users or to processes with higher privileges.

Real-World Implications and Exploitability

According to Kaveh Razavi, head of ETH Zürich's Computer Security Group (COMSEC), an attacker using BPI could potentially:

  • Read cached data or working memory belonging to another user.

  • Bypass privilege boundaries enforced by the operating system.

  • Leak sensitive information such as cryptographic keys or session tokens.

While the attack requires local access and is not remotely exploitable, the implications are still significant for shared computing environments—such as cloud platforms, virtual machines, and multi-user servers.

Mitigations and Intel’s Response

Intel has acknowledged the flaw and assigned it CVE-2024-45332, with a CVSS v4 base score of 5.7. Microcode patches have been issued to mitigate the issue.

"Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access."
Intel Security Advisory, May 2025

Users and system administrators should apply the microcode update, which reaches most systems either as a BIOS/firmware update from the system vendor or through the operating system's microcode package, and monitor security advisories from their OS vendors for the accompanying kernel and hypervisor changes.

Related Developments: Spectre v2 Attacks Reimagined

BPI is not the only new result. Researchers from the Vrije Universiteit Amsterdam (VUSec) also unveiled Training Solo, a class of Spectre v2-style exploits in which the victim domain, such as the kernel, is made to train its own branch predictor, so speculative control-flow hijacking becomes possible within a single domain.

These attacks therefore do not depend on running attacker code inside a sandbox such as eBPF to do the training, and cover the following vulnerabilities:

  • CVE-2024-28956 (CVSS v4: 5.7): Indirect Target Selection (ITS) affecting Intel Core 9th–11th gen and Xeon 2nd–3rd gen.

  • CVE-2025-24495 (CVSS v4: 6.8): A new Lion Cove branch prediction unit issue impacting next-gen Intel CPUs.

VUSec reports leak rates of up to 17 KB/s for kernel memory and warns that the techniques can re-enable classic Spectre v2 attacks across users, between guests, and from guests into the hypervisor.

Intel has released microcode fixes for both flaws. AMD, for its part, has revised its own guidance, cautioning users against using classic Berkeley Packet Filter (cBPF) due to similar risks.

Takeaways: Protecting Systems Against Speculative Attacks

Despite years of mitigation work since Spectre’s original disclosure, these new flaws prove that speculative execution vulnerabilities remain a moving target. Security teams and developers should:

  • Apply Intel microcode updates as soon as they are released, whether they arrive as a BIOS/firmware update from the system vendor or through the OS's microcode package.

  • Keep unprivileged eBPF disabled (the kernel.unprivileged_bpf_disabled sysctl) and avoid exposing cBPF to untrusted users in production, in line with AMD's revised guidance.

  • Enable CPU mitigations at the OS or hypervisor level, particularly on shared systems, and verify what the kernel actually reports rather than assuming the defaults.

  • Use hardened kernels and restrict access to the high-resolution timers, performance counters and other APIs that side-channel attacks rely on for measurement.

The persistence of these threats emphasizes the need for ongoing defense-in-depth and architectural improvements in modern CPU design.