2d ago

Researchers discover new security vulnerability in Intel processors

ETH Zurich researchers discover new security vulnerability in Intel processors

The new class of vulnerabilities in Intel processors arises from speculative technologies that anticipate individual computing steps.
Openings enable gradual reading of entire privilege memory contents of shared processor (CPU).
All Intel processors from the last 6 years are affected, from PCs to servers in data centres.

Technology @europe.pub

tfm @europe.pub

22h ago

Researchers discover new security vulnerability in Intel processors

ethz.ch /en/news-and-events/eth-news/news/2025/05/eth-zurich-researchers-discover-new-security-vulnerability-in-intel-processors.html

cybersecurity @infosec.pub

Pro @programming.dev

2d ago

Researchers discover new security vulnerability in Intel processors

ethz.ch /en/news-and-events/eth-news/news/2025/05/eth-zurich-researchers-discover-new-security-vulnerability-in-intel-processors.html

Technology @programming.dev

Pro @programming.dev

2d ago

Researchers discover new security vulnerability in Intel processors

ethz.ch /en/news-and-events/eth-news/news/2025/05/eth-zurich-researchers-discover-new-security-vulnerability-in-intel-processors.html

35 comments

average Intel moment

Can it be triggered from a browser?
Because if not, it's another non-issue issue for most people.
I think after the last round of exploits, most of the browser makers made timers deliberately inaccurate enough to prevent it being used.

The so-called BPRC (Branch Predictor Race Conditions) emerge during a brief period of a few nanoseconds when the processor switches between prediction calculations for two users with different permissions, explains Sandro Rüegge, who has been examining the vulnerability in detail over the past few months.

This sounds just like Spectre/heartbleed. Haven't we learned our lesson with speculative computation? I guess not...
Well you know what they say, if it was a bad idea 10 fucking years ago, then let's do it again!
- i mean just look at the performance hits with speculative execution off
- With massive OOO pipelines, what's the alternative?
- Intel has not learned, still making money on crap chips.

Intel has already deployed a fix for this in the 13th and 14th gen by permanently damaging the chip and crashing. Checkmate hackers.

Thankfully my Thinkpads from the last decade are not affected.

Another day, another speculative execution vulnerability.

No catchy name for the vulnerability? It can’t be that bad, then…
- Wasnt CVE recently shut down, maybe that's why it has no catchy name
  
  CVEs follow a naming convention, the exploit name is usually given by the researcher/hacker/whoever finds and documents it
- Let's call it Son of Spectre
  
  Bond, James Bond. Junior.

This vulnerability fundamentally undermines data security, particularly in the cloud environment where many users share the same hardware resources.
Intel gets punched again.
- Who, my good friend, fucking WHO still buys Intel for the servers? It sucks so hard, I don't get it.
  
  I bet other vendors implemented similar optimizations and have the same issues. That's how it's been in several occasions...
  
  Well personally, I've been having a bear of a time trying to get my Ryzen machine to run correctly. I'm starting to think there just aren't good options
- I feel pretty duh here. That's a great point.

Anyone having a link to a more technical (detailed) description?
This is quite novice orientated and I'd be very interested on how it actually works. Is there anything already disclosed?
Edit: link at the end to the original research/more detailed explanation:
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/