Despite years of updates and hardware protections, Intel processors are once again vulnerable to Spectre-class attacks. Researchers at ETH Zurich have discovered a new way to bypass protections, potentially allowing sensitive information to be read from other applications or even cloud environments.
Despite years of updates and hardware protections, Intel processors are once again vulnerable to Spectre-class attacks. Researchers at ETH Zurich have discovered a new way to bypass protections, potentially allowing sensitive information to be read from other applications or even cloud environments.
As The Register reports, the attack class is called Branch Predictor Race Conditions (BPRC). The vulnerability is based on delays in updating the branch prediction mechanism, which is used in modern CPUs to optimize performance. It is these predictions that have become the key to exploiting Spectre-like attacks.
Spectre is a set of hardware vulnerabilities in CPUs that allow bypassing process isolation by stealing data from memory. The most dangerous variant is Spectre v2, which allows attackers to interfere with indirect transitions and access the memory of the kernel or other processes. After being widely publicized in 2018, Spectre led to a global review of approaches to processor security.
The authors of the study — Sandro Rügge, Johannes Wikner, and Kaveh Razavi — argue that malware can exploit the «window» between forecast updates and processor privilege level switching (for example, from user mode to kernel mode) to manipulate forecasts and read other people’s memory. This means that even a single virtual machine in the cloud could potentially access other users’ data.
The attack only works on Intel processors, from the 7th generation (Kaby Lake) to the latest models, and does not affect AMD or ARM. Intel has already acknowledged the issue and released a microcode patch, which is assigned the identifier CVE-2024-45332. The company notes that the update has only a minor impact on performance.
Spectre and Meltdown were first discovered in 2018 and affected virtually all modern processors. They allowed sensitive data to be read from memory using something called speculative execution, a technique that speeds up CPU performance by predicting which section of code to execute next.
Since then, Intel has gradually added hardware protections: eIBRS (indirect address prediction restriction within the same privilege level), IBPB (prediction cleanup barrier), and other speculation control mechanisms. But new work from ETH Zurich has shown that these mechanisms can be circumvented by asynchronous prediction updates.
The research will be officially presented at the USENIX Security 2025 and Black Hat USA 2025 conferences. Intel, in turn, is already working on strengthening protections. The vulnerability has not yet been recorded in real attacks, but its presence demonstrates that Spectre-like risks remain relevant even 7 years after discovery.
It is also worth recalling our recent article about how Intel reported its Q1 2025 earnings report, and its new CEO Lip-Bu Tan included a memo to all his employees hinting at layoffs.
