ETH Zurich’s Computer Security Group has discovered a previously unknown class of security vulnerabilities in Intel processors, exposing a critical weakness in how these chips handle speculative execution. The flaw allows an attacker to craft specific sequences of instructions that exploit the processor’s speculation and prediction mechanisms, leading to the breakdown of isolation between users. As a result, an adversary could orchestrate rapid, repeated attacks to read the entire contents of processor memory, posing a significant risk to sensitive information.
The underlying issue stems from speculative execution, a technique built into modern CPUs to enhance performance by predicting and executing likely future instructions. While this prediction-driven approach speeds up computation, it also opens the door for hackers to manipulate speculative behaviors, accessing data that should remain confined to other users. The vulnerabilities identified by ETH Zurich’s team demonstrate that, under specific attack scenarios, these speculative mechanisms can be misused to sidestep existing security boundaries.
In response, Intel has issued a security advisory for CVE-2024-45332 and publicly acknowledged the research, thanking ETH Zurich for their responsible disclosure and collaboration. The company is taking steps to reinforce its Spectre v2 hardware mitigations and advises customers to contact their system manufacturers for firmware or microcode updates. Importantly, Intel states there are currently no known real-world exploits of these transient execution vulnerabilities, but emphasizes that users should remain vigilant and ensure their systems are updated as soon as new mitigations are available.