Intel Branch Privilege Injection Vulnerability (CVE-2024-45332)
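Researchers at ETH Zurich have discovered Branch Privilege Injection, a vulnerability in hardware prediction-domain isolation that an attacker can exploit to cause predictions to be tagged incorrectly and then mount Spectre-v2 attacks. Intel will fix the issue through a microcode update; no software patch is available. 2025-5-13 17:5:0 Author: seclists.org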

oss-sec mailing list archives


From: Andrew Cooper <andrew.cooper3 () citrix com>
Date: Tue, 13 May 2025 18:03:51 +0100

Researchers from ETH Zurich have discovered Branch Privilege Injection,
a bug in hardware prediction-domain isolation whereby an attacker can
cause predictions to be tagged with the wrong mode/privilege, and then
use the incorrectly-tagged predictions to mount traditional Spectre-v2
attacks.

For more details, see:
https://comsec.ethz.ch/bprc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html

Intel are releasing microcode to address this as part of IPU 2025.2.  There
are no software mitigations available.

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512

~Andrew, on behalf of the Xen Security Team.


Current thread:

  • Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper (May 13)

Article source: https://seclists.org/oss-sec/2025/q2/129