ETH ZURICH researchers have found another lack of security that, according to them Shelter He continues to chase computer systems after more than seven years.
The vulnerability called the injection of the Department (BPI) “can be used to abuse the processor forecast (central processing block) to obtain unauthorized access to information from other processors’ users, Eth Zurich – Note.
Kaveh Razavi, Head of the Computer Security Group (COMSEC) and one of the authors of the study, said the shortcomings affect all Intel processors, which could allow the bad subjects to read the content of the processor cache and the work memory of another user.
Attack uses what’s called the prediction race (BPRC) that arise when the processor switches between the forecasting calculations for two users with different permits, opening the door to the script when the underdeveloped hacker can use it to bypass the security barriers and access confidential information from the preferred process.
Intel released the microcode patches to address the vulnerability, which was assigned to the CVE-2024-4532 ID (CVSS V4: 5.7).
“Exposure of sensitive information caused by the general condition of the microchtertectural predictor, which affects the transitional performance in the indirect department for some Intel processors, can allow the user to potential – Note in a recommendation published on May 13.
Disclosure of information occurs when researchers from the system of systems and network security (VUSEC) in Vrje Universiteit Amsterdam talked about the category of self -learning Spectre V2 Codan’s attacks are named Teaching solo.
“Attackers can speculatedly steal the control flow in one domain (such as the core) and the secretion leak within the privileges, re -enabled classic Spectre V2 scenarios without relying on powerful environments such as EBPF,” Vusec – Note.
The equipment is used, tracked both CVE-2024-28956 and CVE-2015-24495, can be used against CPUS Intel to trace the kernel memory up to 17 kb/s, and the study found that they can “completely break the domain insulation and re-use the traditional user user, guest, and even the guest H-Host-Spectre-specific-specific-specific Spectre-F2. “
- Cve-2024-28956 -In the purpose of the target (its) affecting the Intel Core 9-11, and Intel Xeon 2nd-3rd, among others.
- Cve-2025-2495 – the BPU Lion Cove problem that affects Intel CPU with the Lion Cove core
While Intel sent microcode updates for these defects, AMD – Note he revised his existing recommendations on A ghost and a crisis To clearly highlight the use of the classic Berkeley package filter (CBPF).
