Overview
- ETH Zurich researchers identified a new vulnerability, Branch Privilege Injection (CVE-2024-45332), affecting all 9th-generation and newer Intel processors.
- The flaw exploits race conditions in the branch predictor to bypass existing Spectre v2 defenses such as eIBRS and IBPB and leak sensitive kernel data.
- Intel released microcode updates addressing the issue; the firmware mitigations cause a 2.7% performance penalty, and software patches introduce up to 8.3% overhead.
- The vulnerability was demonstrated on Linux with a proof-of-concept attack achieving data leak rates of 5.6 KB/sec, though it is theoretically exploitable on other operating systems.
- Intel reports no known real-world exploits but advises users to apply BIOS/UEFI and OS updates; full technical details will be presented at USENIX Security 2025.