
New Intel CPU Bug Enables Kernel Memory Theft


Intel CPU vulnerabilities are back in the spotlight as researchers from ETH Zürich uncover critical flaws that leak sensitive memory data and re-enable Spectre-style attacks. More than seven years after the original Spectre vulnerability shocked the tech world, new findings show that speculative execution issues still haunt modern chips.

The latest discovery, dubbed Branch Privilege Injection (BPI), allows attackers to manipulate how a CPU predicts program behavior. When the chip switches between tasks running under different permissions, it can expose data from high-privileged users to low-privileged ones—like a hacker peeking into another user’s private memory.

Kaveh Razavi, who leads ETH Zürich’s Computer Security Group, says the issue impacts nearly all Intel CPUs still in use today. His team demonstrated that attackers can leak information from the processor cache or working memory using a technique called Branch Predictor Race Conditions (BPRC).

Intel has responded with microcode updates to fix the problem. The flaw is now listed as CVE-2024-45332, rated 5.7 on the CVSS v4 scale. According to Intel’s May 13 advisory, the bug stems from shared microarchitectural predictor states, which can cause data exposure during transient execution in indirect branch predictors.

Spectre v2 Reloaded: VUSec Unveils “Training Solo” Attacks

Just as ETH Zürich’s findings raised red flags, researchers at VUSec (Vrije Universiteit Amsterdam) added fuel to the fire with another alarming development. Their new variant of Spectre v2, called Training Solo, doesn’t need sandboxed environments like eBPF to hijack control flow. Instead, it enables attackers to leak secrets across kernel privilege boundaries, reintroducing risks that were thought to be contained.

Two specific CVEs stand out:

  • CVE-2024-28956 (Indirect Target Selection) — affects Intel Core 9th–11th gen and Xeon 2nd–3rd gen chips, with data leak speeds up to 17 Kb/s.
  • CVE-2025-24495 (Lion Cove BPU flaw) — targets Intel CPUs with the new Lion Cove architecture and has a CVSS v4 score of 6.8.

VUSec’s research shows these bugs can fully bypass domain isolation, enabling user-to-user, guest-to-guest, and guest-to-host data exfiltration—bringing back the most dangerous Spectre scenarios.

Intel has issued additional microcode patches to mitigate these new attack paths. Meanwhile, AMD has updated its documentation to highlight risks from classic Berkeley Packet Filter (cBPF) usage, acknowledging the broader industry impact.
