CVE-2024-45332: Branch Privilege Injection in Intel CPUs Exposes Sensitive Kernel Data

Overview

A newly disclosed CPU vulnerability, CVE-2024-45332, adds to the growing list of speculative execution side-channel attacks that plague modern processors. Dubbed “Branch Privilege Injection”, the flaw targets Intel’s indirect branch predictors to leak privileged memory content across protection boundaries—even with Spectre-class mitigations in place.

Discovered by researchers at ETH Zurich, this vulnerability has wide implications for shared computing environments and systems running recent Intel CPUs. It is tracked in Intel’s advisory INTEL-SA-01247.

We’re moving into an era where local hardware access is increasingly becoming a prerequisite for exploiting vulnerabilities of this nature—a sign that software-level mitigations are forcing attackers closer to the physical edge of the system.

How the Attack Works

CVE-2024-45332 abuses the behavior of the Return Stack Buffer (RSB) and Branch Target Buffer (BTB). Here’s the process:

  • Speculative Execution Context: CPUs speculatively execute instructions past branch points using predictions stored in microarchitectural structures.
  • Prediction Poisoning: The attacker manipulates predictor state in user mode, which is then reused in privileged kernel mode.
  • Transient Execution Leakage: Speculative kernel execution leaves cache traces, allowing attackers to infer protected data.
  • Real-World Leak: ETH Zurich successfully extracted data from /etc/shadow on a Core i9-13900K at 5.6 KB/s with 99.8% accuracy—even with mitigations active.

Affected Systems

This vulnerability impacts a wide range of Intel CPUs, including:

  • Intel Core 9th–14th Gen (Coffee Lake to Raptor Lake)
  • Intel Core Ultra (Meteor Lake and newer)
  • Xeon Scalable 2nd–5th Gen (Cascade Lake to Emerald Rapids)
  • Xeon E-Series
  • Pentium Gold and Celeron (affected architectures)

For a complete list, refer to Intel’s official advisory.

Mitigation Strategy

Microcode Updates

Intel has issued IPU 2025.2 which includes microcode patches. These are distributed via BIOS/UEFI firmware updates from OEM vendors. Updating your system firmware is essential to apply the mitigation.

OS-Level Mitigations

Distributions like Debian have released updated intel-microcode packages. However, full protection requires the microcode in conjunction with updated kernels.

Performance Impact

Early reports suggest a minimal to moderate performance impact due to the targeted nature of the predictor state restrictions.

Exploit Conditions

To exploit CVE-2024-45332, an attacker must have:

  • Local code execution on the system
  • Low privileges (root is not required)
  • Knowledge of cache probing techniques (e.g., Flush+Reload)

Existing mitigations such as retpolines and RSB stuffing do not prevent this particular leakage path. The vulnerability is especially concerning in multi-tenant and virtualized environments.

CVSS and Risk

CVSS v3.1 Base Score: 5.6 (Medium)
While the numerical score is moderate, the confidentiality impact is high—especially for environments handling sensitive credentials and cryptographic material.

Organizations should prioritize patching if they host untrusted workloads or share hardware between tenants.

Conclusion

CVE-2024-45332 is another reminder that speculative execution, while powerful, comes at a security cost. As software defenses mature, attackers are increasingly pushed toward lower-level, hardware-centric attacks that demand more precision—and offer potentially greater payoff.

Organizations should act quickly:

  • Apply firmware and microcode updates
  • Update kernels and OS packages
  • Limit access to local code execution
  • Monitor for abnormal cache activity and side-channel anomalies
Stay safe, stay ahead!