Chip giants Intel, AMD and Arm each published Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products, including ones related to newly disclosed CPU attacks.
One of the CPU attacks was disclosed this week by researchers at Swiss university ETH Zurich. The researchers discovered a branch privilege injection issue, tracked as CVE-2024-45332, that they claim “brings back the full might of branch target injection attacks (Spectre-BTI) on Intel”.
The researchers claim that while Intel’s Spectre-BTI (aka Spectre v2) mitigations have worked for nearly six years, they have now found a way to break them due to a race condition impacting Intel CPUs.
Spectre-style attacks could allow an attacker who has access to the targeted system to obtain potentially valuable information from memory, such as encryption keys and passwords.
In its advisory, Intel said it’s releasing microcode updates to mitigate CVE-2024-45332, which it described as a sensitive information disclosure issue.
AMD has published an advisory to inform customers that — as stated by the researchers as well — the vulnerability does not impact its CPUs.
Another CPU attack was disclosed this week by researchers at Dutch university VU Amsterdam. Their analysis, dubbed Training Solo, led to the discovery of three new classes of self-training Spectre v2 attacks, which highlight the limitations of domain isolation.
The researchers developed two exploits against Intel CPUs that can leak kernel memory at up to 17 Kb/s, and they found two new hardware flaws (tracked as CVE-2024-28956 and CVE-2025-24495), which “completely break the domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks”.
Intel said it’s releasing microcode updates and prescriptive guidance to mitigate these vulnerabilities.
AMD has published an advisory to say that its CPUs are not impacted by this attack. Arm CPUs, on the other hand, may be impacted. The chipmaker told customers that while this is not a new vulnerability, its security guidance has been updated to more explicitly highlight the risks.
Intel has published 25 new advisories covering dozens of vulnerabilities found across its products.
The chip giant has patched high-severity vulnerabilities that can lead to information disclosure, DoS attacks or privilege escalation in Tiber Edge Platform, Graphics and Graphics Driver, Server Board, PROSet/Wireless, Gaudi, Xeon, Ethernet Network Adapter, Slim Bootloader, and Simics Package Manager products.
Medium-severity issues have been addressed in Intel’s RealSense, Ethernet Network Adapter, Ethernet Connections Boot Utility, oneAPI Level Zero, OpenVINO, Advisor, Endurance Gaming Mode, Arc GPU, Core and Xeon CPU, oneAPI DPC++/C++ Compiler, and QuickAssist Technology products.
AMD has published three other new advisories. One covers four high-severity vulnerabilities in AMD Manageability Tools — their exploitation can lead to privilege escalation and potentially arbitrary code execution.
Another advisory describes two high-severity flaws in AMD Optimizing CPU Libraries (AOCL), which could also be exploited for privilege escalation and possibly code execution. The last advisory covers a medium-severity issue in uProf that can be exploited to delete arbitrary files.
Related: Intel TDX Connect Bridges the CPU-GPU Security Gap
Related: AMD Patches CPU Vulnerability That Could Break Confidential Computing Protections
Related: New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones