Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

May 16, 2025Ravie LakshmananHardware Security / Vulnerability

Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years.

The vulnerability, referred to as Branch Privilege Injection (BPI), “can be exploited to misuse the prediction calculations of the CPU (central processing unit) in order to gain unauthorized access to information from other processor users,” ETH Zurich said.

Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the authors of the study, said the shortcoming affects all Intel processors, potentially enabling bad actors to read the contents of the processor’s cache and the working memory of another user of the same CPU.

The attack leverages what’s called Branch Predictor Race Conditions (BPRC) that emerge when a processor switches between prediction calculations for two users with different permissions, opening the door to a scenario where an unprivileged hacker could exploit it to bypass security barriers and access confidential information from a privileged process.

Intel has issued microcode patches to address the vulnerability, which has been assigned the CVE identifier CVE-2024-45332 (CVSS v4 score: 5.7).

“Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access,” Intel said in an advisory released on May 13.

The disclosure comes as researchers from the Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam detailed a category of self-training Spectre v2 attacks codenamed Training Solo.

“Attackers can speculatively hijack control flow within the same domain (e.g., kernel) and leak secrets across privilege boundaries, re-enabling classic Spectre v2 scenarios without relying on powerful sandboxed environments like eBPF,” VUSec said.

The hardware exploits, tracked as CVE-2024-28956 and CVE-2025-24495, can be used against Intel CPUs to leak kernel memory at up to 17 Kb/s, with the study finding that they could “completely break the domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks.”

• CVE-2024-28956 – Indirect Target Selection (ITS), which affects Intel Core 9th-11th, and Intel Xeon 2nd-3rd, among others.
• CVE-2025-24495 – Lion Cove BPU issue, which affects Intel CPUs with Lion Cove core

While Intel has shipped microcode updates for these defects, AMD said it has revised its existing guidance on Spectre and Meltdown to explicitly highlight the risk from the use of classic Berkeley Packet Filter (cBPF).

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!