Image credit:ETH Zurich / Computer Security Group, Corporate Communications
Researchers at ETH Zurich have found a new kind of security flaw in Intel processors that lets attackers break through barriers between users by using carefully designed commands. This could allow someone to read all the data stored in a processor’s memory with fast, repeated attacks.
Modern processors use a trick called speculative technology to speed things up—they guess what instructions might come next and start working on them early. It’s a bit like how we try to predict what’s coming in our day and get ready for it. This helps computers run programs faster, but as the Computer Security Group at ETH Zurich’s Department of Information Technology and Electrical Engineering discovered, it can also create an opening for hackers. They found a way to misuse these predictions to access data from other users on the same processor.
Update: Intel responded with a security advisory about CVE-2024-45332 and shared a statement with TechPowerUp: “We’re grateful for ETH Zurich’s research and teamwork on this public disclosure. Intel is improving its Spectre v2 hardware protections and suggests users check with their system maker for the right update. So far, Intel hasn’t seen any real-world attacks using these speculative execution flaws,” an Intel spokesperson said.
All Intel Processors Are Affected
This security issue impacts all Intel processors, according to Kaveh Razavi, head of the Computer Security Group. “We can use this flaw to read all the data in the processor’s cache and RAM that belongs to another user,” he explained. The cache and RAM are where the processor temporarily stores data it thinks it’ll need soon.
This is a big deal for data security, especially in cloud setups where lots of users share the same hardware. It affects Intel processors in PCs, laptops, and even data center servers from the world’s biggest CPU maker.
A Tiny Timing Gap Creates the Issue
The flaw, called Branch Predictor Race Conditions (BPRC), happens in a super short window—just a few nanoseconds—when the processor switches between predictions for two users with different access levels, explained Sandro Rüegge, who’s been studying this issue closely for months.
The problem comes because the processor doesn’t check permissions at the exact same time it does its calculations. With the right inputs, attackers can create confusion during this switch, leading to the wrong permissions being applied. This lets them read a small piece of data, like a byte (which is eight bits of 0s and 1s).
Reading Memory Bit by Bit
Stealing one byte might not seem like much, but this attack can be repeated quickly to grab everything in the memory over time, Rüegge shared. “We can make the error happen over and over, pulling out more than 5,000 bytes per second.” If someone launches an attack, it’s just a matter of time before they get all the data in the CPU’s memory.
Part of a Bigger Problem
This isn’t the first time speculative tech in CPUs has caused issues—it’s been around since the mid-1990s. Back in 2017, Spectre and Meltdown made headlines as the first big vulnerabilities of this kind, and new ones have kept popping up since. Johannes Wikner, a former PhD student in Razavi’s group, found one called Retbleed in 2022, where he used traces of predicted instructions in the cache to access other users’ data.
How They Found It
The discovery started with follow-up work on Retbleed. “I was looking into the protections Intel added to fix Retbleed,” said Johannes Wikner. He noticed an odd signal from the cache memory that showed up whether those protections were on or off. Sandro Rüegge then dug deeper into what was causing that signal, which led to finding this new way to attack.
A Deeper Design Issue
The flaw was first spotted in September 2024, and Intel has since added protections to secure its processors. But Razavi thinks there’s a bigger issue at play. “This string of new vulnerabilities in speculative tech points to a core problem in the design,” he said. “We have to keep finding and fixing these gaps one by one.”
To fix this, you’ll need a special update to the processor’s microcode, which can come through a BIOS or operating system update. It’s likely included in one of the latest Windows updates, so make sure your PC is up to date.
What do you think about this new security concern? I’d love to hear your thoughts!
Source: ETH Zurich
