New Intel Processor Vulnerability Discovered

By Netvora Tech News

---

Intel processors are vulnerable to a new type of attack, known as Branch Privilege Injection (BPI), which allows local attackers to bypass existing security measures and steal sensitive information. Researchers at ETH Zurich have developed a new exploit that can leak the hash of the root password, as well as other information from the kernel memory.

New Exploit Discovered

The exploit, developed by Kaveh Razavi and his team, takes advantage of the speculative execution of modern processors to steal sensitive data. In a user-to-kernel scenario, the attacker can leak information from the operating system, rather than the hypervisor.

The researchers demonstrated the exploit by starting a virtual machine in a cloud environment and using it to leak information from the hypervisor, including data from other virtual machines running on the same server.

• The exploit works by using a local, unprivileged user process to leak the hash of the root password.
• The researchers claim that this is not the only possible scenario, and that other attack vectors are possible.

Intel Releases Updates

Intel has released microcode updates for several processor families to mitigate the vulnerability. However, the update may affect the performance of the processor, with potential slowdowns of up to 2.7%.

The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) number, CVE-2024-45332, and has been rated a 5.6/5.7 on the CVSS scale.

Impact on Users

The discovery of this vulnerability serves as a reminder of the ongoing challenges faced by Intel in securing its processors. As a result, users who have not already done so are advised to update their processors as soon as possible to mitigate the risk of attack.

It is also important for users to remain vigilant and take steps to secure their systems, including keeping software up to date and using strong passwords.