Ethical Hacking News
A recent study has exposed new Intel CPU flaws that can be exploited by unprivileged hackers to bypass security barriers and access confidential information from privileged processes. The vulnerabilities affect all modern Intel CPUs and highlight the ongoing threat posed by Spectre v2 attacks.
Researchers at ETH Zurich discovered new Intel CPU flaws that enable memory leaks and Spectre v2 attacks.The vulnerabilities, CVE-2024-45332 and CVE-2025-24495, affect all modern Intel CPUs.The attack leverages Branch Predictor Race Conditions (BPRC) to bypass security barriers and access confidential information.Intel has issued microcode patches to address the vulnerabilities, but keeping software and firmware up-to-date is still crucial.
THN Security News Exclusive: Researchers at ETH Zurich have made a groundbreaking discovery that has sent shockwaves through the cybersecurity community. In a comprehensive study, the researchers have exposed new Intel CPU flaws that enable memory leaks and Spectre v2 attacks. These findings are a stark reminder of the ongoing vulnerability of modern computing systems to sophisticated security threats.
The vulnerabilities, which have been assigned CVE identifiers CVE-2024-45332 and CVE-2025-24495, affect all modern Intel CPUs and can be exploited by unprivileged hackers to bypass security barriers and access confidential information from privileged processes. The attack leverages Branch Predictor Race Conditions (BPRC) that emerge when a processor switches between prediction calculations for two users with different permissions.
According to the researchers, the vulnerabilities can be used against Intel CPUs to leak kernel memory at rates of up to 17 Kb/s. This means that attackers could potentially "completely break the domain isolation" and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks. The impact of these findings is significant, as it underscores the ongoing threat posed by Spectre v2 attacks.
Intel has issued microcode patches to address the vulnerabilities, but the discovery highlights the need for continued vigilance in addressing emerging security threats. The fact that all modern Intel CPUs are affected by these flaws serves as a stark reminder of the importance of keeping software and firmware up-to-date with the latest security patches.
The researchers at ETH Zurich used advanced tools to analyze the vulnerabilities and develop exploit code, which they shared publicly to help mitigate the impact of the attacks. Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the authors of the study, stated that "the shortcoming affects all Intel processors" and emphasized the importance of addressing these vulnerabilities.
AMD has revised its existing guidance on Spectre and Meltdown to explicitly highlight the risk from the use of classic Berkeley Packet Filter (cBPF). This move reflects the growing recognition within the industry that Spectre v2 attacks pose a significant threat to security.
The discovery of these new Intel CPU flaws serves as a wake-up call for organizations and individuals to take proactive steps to address emerging security threats. As the cybersecurity landscape continues to evolve, it is essential to stay informed about the latest developments and take action to protect against potential vulnerabilities.
In conclusion, the exposure of new Intel CPU flaws highlights the ongoing threat posed by Spectre v2 attacks. The fact that all modern Intel CPUs are affected by these flaws underscores the importance of keeping software and firmware up-to-date with the latest security patches. As the cybersecurity community continues to evolve, it is essential to stay vigilant and take proactive steps to address emerging security threats.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Intel-CPU-Flaws-Exposed-A-Growing-Concern-for-Memory-Leaks-and-Spectre-v2-Attacks-ehn.shtml
https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html
https://nvd.nist.gov/vuln/detail/CVE-2024-45332
https://www.cvedetails.com/cve/CVE-2024-45332/
https://nvd.nist.gov/vuln/detail/CVE-2025-24495
https://www.cvedetails.com/cve/CVE-2025-24495/
Published: Fri May 16 04:48:50 2025 by llama3.2 3B Q4_K_M
