New Intel CPU Flaws Revive Spectre Threat with Fresh Attack Vectors
Researchers at ETH Zürich have identified a new hardware vulnerability affecting all modern Intel processors, once again underscoring the persistent threat posed by Spectre-related flaws more than seven years after their initial discovery.

Named Branch Privilege Injection (BPI), the vulnerability exploits the CPU’s branch prediction mechanism, allowing attackers to gain unauthorized access to sensitive data by manipulating how the processor predicts the execution path of instructions. According to ETH Zürich, this technique can be used to illegally access data stored in the CPU cache or system memory used by other processes on the same chip.
The core of the issue lies in Branch Predictor Race Conditions (BPRC), which occur when the processor rapidly switches between prediction states of users with different permission levels. This flaw can be exploited by unprivileged users to breach privileged memory boundaries, bypassing existing security controls.
Intel has addressed the flaw with a microcode update, assigning the issue CVE-2024-45332 and giving it a CVSS v4 score of 5.7. Intel’s advisory warns that the flaw may allow local information disclosure by taking advantage of shared microarchitectural prediction states influencing speculative execution paths.
Meanwhile, researchers at Vrije Universiteit Amsterdam’s VUSec group have disclosed a separate class of Spectre v2-style exploits, collectively dubbed Training Solo. These techniques allow attackers to manipulate control flow within the same privilege domain, such as the operating system kernel, without needing complex sandbox environments like eBPF.
Two new vulnerabilities under the Training Solo umbrella are:
- CVE-2024-28956 (CVSS v4: 5.7) – Known as Indirect Target Selection (ITS), this affects Intel Core 9th to 11th Gen CPUs and Xeon 2nd and 3rd Gen processors.
- CVE-2025-24495 (CVSS v4: 6.8) – A vulnerability tied to the Lion Cove branch prediction unit (BPU), impacting newer Intel CPUs built on this architecture.
These attacks allow for the leakage of kernel-level memory at rates up to 17 Kb/s, posing a significant risk by breaking isolation boundaries between users, virtual machines, and even between guest systems and their host environments.
Intel has rolled out additional microcode patches for these vulnerabilities. In response, AMD has updated its guidance on Spectre and Meltdown, particularly flagging the risks associated with using classic Berkeley Packet Filter (cBPF) mechanisms.
These findings reflect a resurgence of Spectre-style threats, emphasizing the ongoing challenge of securing speculative execution features in modern processors.