May 14, 2025 By Eduard Kovacs
Chip giants Intel, AMD and Arm each published Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products, including ones related to newly disclosed CPU attacks.
One of the CPU attacks was disclosed this week by researchers at Swiss university ETH Zurich. The researchers discovered a branch privilege injection issue, tracked as CVE-2024-45332, that they claim “brings back the full might of branch target injection attacks (Spectre-BTI) on Intel”.
The researchers claim that while Intel’s Spectre-BTI (aka Spectre v2) mitigations have worked for nearly six years, they have now found a way to break them due to a race condition impacting Intel CPUs.
Spectre-style attacks could allow an attacker who has access to the targeted system to obtain potentially valuable information from memory, such as encryption keys and passwords.
In its advisory, Intel said it’s releasing microcode updates to mitigate CVE-2024-45332, which it described as a sensitive information disclosure issue.
AMD has published an advisory to inform customers that — as stated by the researchers as well — the vulnerability does not impact its CPUs.
Another CPU attack was disclosed this week by researchers at Dutch university VU Amsterdam. Their analysis, dubbed Training Solo, led to the discovery of three new classes of self-training Spectre v2 attacks, which highlight the limitations of domain isolation.
The researchers developed two exploits against Intel CPUs that can leak kernel memory at up to 17 Kb/s, and they found two new hardware flaws (tracked as CVE-2024-28956 and CVE-2025-24495), which “completely break the domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks”.
Intel said it’s releasing microcode updates and prescriptive guidance to mitigate these vulnerabilities.
AMD has published an advisory to say that its CPUs are not impacted by this attack. Arm CPUs, on the other hand, may be impacted. The chipmaker told customers that while this is not a new vulnerability, its security guidance has been updated to more explicitly highlight the risks.
Intel has published 25 new advisories covering dozens of vulnerabilities found across its products.
