A newly discovered class of vulnerabilities in Intel processors, termed Branch Predictor Race Conditions (BPRC), allows attackers to systematically extract sensitive data from the cache and random-access memory (RAM) of other users sharing the same hardware. Affecting all Intel processors released in the past six years, including those in consumer devices and cloud server infrastructure, the vulnerability exploits speculative execution technologies designed to accelerate computational performance. Researchers from ETH Zurich’s Computer Security Group (COMSEC) demonstrated that malicious actors could leverage BPRC to bypass privilege barriers at the processor level, achieving unauthorized readouts of memory contents at rates exceeding 5,000 bytes per second. This flaw poses acute risks for multi-tenant cloud environments, where shared hardware resources amplify the potential for cross-user data breaches.

Modern processors employ speculative execution to predict and precompute likely instructions, reducing latency in program execution. By anticipating branches in code execution paths, such as conditional statements, CPUs can maintain computational throughput even during delays caused by data fetches from slower memory systems. When a processor switches between users or processes, it temporarily suspends speculative execution to update privilege permissions. Attackers can inject code that triggers speculative execution during this window, causing the CPU to erroneously apply stale privileges. Rüegge’s experiments demonstrated that a single exploit cycle retrieves one byte, but rapid iteration achieves 5,000+ bytes per second, enough to exfiltrate sensitive data like encryption keys or authentication tokens within minutes.

The BPRC vulnerability follows a pattern seen in earlier flaws like Spectre (2017), Meltdown (2017), and Retbleed (2022), all of which manipulated speculative execution to access protected memory regions. ETH Zurich’s Kaveh Razavi, head of COMSEC, notes that speculative technologies “fundamentally undermine data security” by introducing temporal gaps in privilege checks during user context switches. However, Razavi emphasizes that such fixes are stopgaps: “The series of newly discovered vulnerabilities in speculative technologies indicates fundamental architectural flaws”. Each patch introduces performance overheads, undermining the very speed advantages speculative execution aims to provide. Academics and industry groups are exploring alternatives such as in-order execution, which sacrifices some performance for deterministic security, and hardware-enforced isolation mechanisms like Intel’s Software Guard Extensions (SGX). “Without architectural overhauls, we will continue battling speculative execution flaws one patch at a time”.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 16 May 2025 14:20:59 +0000