Branch Privilege Injection (CVE-2024-45332): New Spectre-Class Attack Bypasses Intel Mitigations with Live PoC
Security researchers at ETH Zürich have uncovered a new speculative execution vulnerability called "Branch Privilege Injection" (CVE-2024-45332) that affects Intel CPUs from the 9th generation onwards. This vulnerability bypasses existing Spectre mitigations and exploits race conditions in branch predictors, allowing attackers to inject predictor entries into privileged contexts. Demonstrated on an Intel Raptor Lake processor, the attack achieved memory leakage at 5.6 KiB/s. Intel has responded by releasing a microcode update to mitigate the issue, with performance impacts of up to 2.7% on Alder Lake CPUs. The researchers will present their findings at upcoming security conferences, and proof-of-concept code is available on GitHub. Users are advised to install the latest operating system and BIOS updates to protect against this vulnerability.