ETH Zurich researchers exposed a critical vulnerability in Intel CPUs, called Branch Privilege Injection (BPI), enabled by Branch Predictor Race Conditions (BPRC)
Spectre v2 (BTI) attacks manipulate CPU branch prediction to speculatively execute attacker-chosen code, leaking sensitive data through side channels
Hardware features like eIBRS and AutoIBRS were designed to prevent branch predictions learned in user mode from affecting privileged kernel mode
Modern CPUs use branch prediction to guess execution paths for performance, but this speculative execution can be exploited if predictions are manipulated
BPI allows attackers to inject user-mode branch predictions into kernel mode, reviving cross-privilege BTI attacks previously thought mitigated
BPRC and BPI affect at least six generations of Intel CPUs (from Coffee Lake Refresh onward), including Raptor Lake, Alder Lake, and Skylake
Intel assigned CVE-2024-45332 to this vulnerability, which was responsibly disclosed in September 2024 and publicly revealed in May 2025
Researchers demonstrated leaking the root password hash from /etc/shadow on Ubuntu 24.04 using an Intel Raptor Lake CPU, with a median leak time of 21 seconds
Mitigation Strategies: Intel released a microcode update to address BPRC, with minor performance overhead
BPRC and BPI highlight the fragility of microarchitectural privilege separation and the insufficiency of current speculative execution defenses