Spectre vulnerability mitigations circumvented

Intel's hardware-based safeguards against attacks exploiting the Spectre data-leaking vulnerabilities in its processors can be bypassed through newly discovered branch predictor race conditions, The Register reports.
A misalignment between the processor's privilege-level switches and its branch predictor updates has enabled a novel attack, Branch Privilege Injection (BPI), which revives Spectre v2: because predictor updates are not synchronized with the change in privilege level, branch predictions trained by unprivileged code can be tagged with the wrong privilege level and then consumed by privileged code, according to ETH Zurich researchers whose study is set to be presented at Black Hat USA 2025 and USENIX Security 2025. The attack could also be launched from a virtual machine, where it could leak hypervisor data. "While such attacks are in theory possible, and we have shown that BPI enables such attacks, our particular exploit leaks information in the user-to-kernel scenario," the researchers added. Intel has already addressed the issue in a microcode update and has pledged to further bolster its Spectre v2 defenses.
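Since the fix ships as microcode, the practical question for an administrator is what the running kernel reports for Spectre v2 and which microcode revision the cores are actually executing. The shell script below is an added example, not code from the article, from Intel, or from the ETH Zurich researchers. It reads the standard Linux sysfs and procfs locations when they exist and otherwise falls back to constructed sample lines so it runs offline; it does not know which microcode revision contains Intel's fix, so the comparison against the vendor advisory remains a manual step.

```shell
#!/bin/sh
# Added example, not code from the SC Media article, Intel, or the ETH Zurich
# researchers. Reports what the Linux kernel believes is mitigating Spectre v2
# and which microcode revision the cores are running.

SYSFS_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2   # standard Linux path
CPUINFO=/proc/cpuinfo                                          # standard Linux path

# classify_spectre_v2 STATUS_LINE -> one of:
#   not_affected | vulnerable | eibrs | retpoline | other | unknown
# STATUS_LINE is the single line the kernel exposes in $SYSFS_V2.
# "Vulnerable" is tested before the eIBRS patterns because the kernel can
# report e.g. "Vulnerable: eIBRS with unprivileged eBPF".
classify_spectre_v2() {
    case "$1" in
        "")                                              echo unknown ;;
        "Not affected")                                  echo not_affected ;;
        Vulnerable*)                                     echo vulnerable ;;
        *"Enhanced / Automatic IBRS"*|*"Enhanced IBRS"*) echo eibrs ;;
        *etpoline*)                                      echo retpoline ;;
        *)                                               echo other ;;
    esac
}

# ibpb_mode STATUS_LINE -> the IBPB setting the kernel reports
# (e.g. "conditional" or "always-on"), or "none" if IBPB is not mentioned.
# IBPB is the barrier issued around privilege and context switches; whether
# the microcode applies it at the right moment is what the vendor advisory,
# not this script, has to answer.
ibpb_mode() {
    mode=$(printf '%s\n' "$1" | sed -n 's/.*IBPB: \([A-Za-z-]*\).*/\1/p')
    [ -n "$mode" ] && echo "$mode" || echo none
}

# microcode_revisions CPUINFO_TEXT -> distinct microcode revisions, one per line.
# More than one line means the cores are not all on the same revision, which
# happens when a late-loaded update only partially applied.
microcode_revisions() {
    printf '%s\n' "$1" | awk -F': *' '$1 ~ /^microcode/ { print $2 }' | sort -u
}

# Constructed sample input (not from a real machine) used when not on Linux.
SAMPLE_V2='Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling'
SAMPLE_CPUINFO='processor : 0
vendor_id : GenuineIntel
microcode : 0x000000a4
processor : 1
vendor_id : GenuineIntel
microcode : 0x000000a4'

# report -> prints the live values on Linux, otherwise the constructed sample.
report() {
    if [ -r "$SYSFS_V2" ] && [ -r "$CPUINFO" ]; then
        v2=$(cat "$SYSFS_V2"); ci=$(cat "$CPUINFO"); src=live
    else
        v2=$SAMPLE_V2; ci=$SAMPLE_CPUINFO; src=sample
    fi
    echo "source:     $src"
    echo "spectre_v2: $v2"
    echo "class:      $(classify_spectre_v2 "$v2")"
    echo "ibpb:       $(ibpb_mode "$v2")"
    echo "microcode:  $(microcode_revisions "$ci" | tr '\n' ' ')"
}

report
```

On an Intel host the "class" line should read eibrs once the hardware mitigation is in use; the microcode line is the value to compare against Intel's published fixed revision for that CPU model after the update has been installed and the machine rebooted (or the update late-loaded).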