AI description
CVE-2024-45332, also known as "Branch Privilege Injection," is a vulnerability affecting Intel CPUs. It stems from a race condition in the branch predictors, specifically the Branch Target Buffer (BTB) and Indirect Branch Predictor (IBP). These predictors, which are designed to optimize CPU performance by speculatively predicting the outcome of branch instructions, are updated asynchronously, leading to a potential security flaw. The vulnerability arises because branch predictor updates can occur during privilege switches, such as from user mode to kernel mode. This creates a window where the update is associated with the incorrect privilege level, potentially allowing a non-privileged user to access sensitive data from privileged processes. An attacker can exploit this by training the CPU to predict a specific branch target and then triggering a system call to execute code in the OS kernel, leading to the leakage of sensitive information like passwords and cryptographic keys.
- Description
- Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- Source
- secure@intel.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 5.6
- Impact score
- 4
- Exploitability score
- 1.1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
🧵 THREAD: Computer Security Group broke Intel's 6-year-old Spectre mitigations with Branch Privilege Injection (CVE-2024-45332)
@amaanmi33454302
17 Jun 2025
354 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
CVE-2024-45332 : ข้อบกพร่องของซีพียูของ INTEL ที่ค้นพบว่าข้อมูลรั่วไหลจากความทรงจําที่มีสิทธิพิเศษ https://t.co/7J7rwPaKfF https://
@freedomhack101
28 May 2025
102 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-45332 brings back branch target injection attacks on Intel https://t.co/hr5pZTqATf
@_r_netsec
21 May 2025
827 Impressions
2 Retweets
4 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-45332
@transilienceai
19 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
147 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New Branch Privilege Injection (CVE-2024-45332) exploits Intel CPUs, breaking their Spectre-BTI mitigations due to race conditions. Affected mitigations include eIBRS & IBPB. Intel's microcode update stops these primitives with up to 2.7% overhead. https://t.co/5iiUFwqzP4
@hkashfi
16 May 2025
569 Impressions
2 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
Nowe luki w procesorach Intel umożliwiające wycieki pamięci i ataki Spectre v2 zostały ujawnione przez badaczy z ETH Zurich 🔻 ❗ CVE-2024-45332 (BPI – Branch Privilege Injection) – wykorzystuje warunki wyścigu Race Condition, pozwalając na wstrzyknięcie błędnyc
@Sekurak
16 May 2025
2534 Impressions
5 Retweets
31 Likes
3 Bookmarks
0 Replies
0 Quotes
💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips. 🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and ... https://t.co/FnN
@IT_news_for_all
16 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💻 Spectre Isn’t Dead. It’s Mutating! New CPU flaw hits ALL modern Intel chips. 🛠 Researchers at ETH Zurich and VUSec uncovered Spectre-style Intel CPU flaws (CVE-2024-45332, CVE-2024-28956, CVE-2025-24495) that leak memory across users, guests, and hosts—at rates up
@TheHackersNews
16 May 2025
17623 Impressions
60 Retweets
107 Likes
20 Bookmarks
1 Reply
5 Quotes
Major chipmakers including Intel, AMD, and Arm have released security patches for new CPU vulnerabilities, such as Spectre v2 and CVE-2024-45332, which can enable data leaks and privilege escalation. Stay protected! 🔒 #Intel #UK #Vulnerabilities https://t.co/nj9ougILNA
@TweetThreatNews
14 May 2025
41 Impressions
0 Retweets
2 Likes
0 Bookmarks
2 Replies
0 Quotes
IntelのCPUで新たな「分岐特権注入」脆弱性(CVE-2024-45332)が発見された。チューリッヒ工科大学の研究。Spectre v2の緩和策を突破可能なもので、第9世代以降のCPUに影響。分岐予測器における競合状態の悪用。Intelか
@__kokumoto
14 May 2025
812 Impressions
3 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Branch Privilege Injection: Exploiting Branch Predictor Race Conditions (CVE-2024-45332) https://t.co/4oTZXFlWVH
@hardenedlinux
14 May 2025
17 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
5 月 14 日消息,苏黎世联邦理工学院研究人员昨晚披露了一种针对英特尔现代 CPU 的新型漏洞“CVE-2024-45332”,影响英特尔第九代及后续所有处理器。 实测发现,在 Ubuntu 24.04 中读取 /etc/shadow 文件时峰值泄露速度
@cherylnatsu
14 May 2025
12950 Impressions
9 Retweets
106 Likes
22 Bookmarks
6 Replies
0 Quotes
A new vulnerability, Branch Privilege Injection (CVE-2024-45332), affects all modern Intel CPUs from 9th gen onward, risking sensitive data leaks via branch predictor exploits. 🖥️ Stay vigilant! #Intel #CyberRisk #USA https://t.co/T1ItoXuW5l
@TweetThreatNews
13 May 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes