Intel processors hit by new security vulnerability: What you need to know

A team of computer scientists from ETH Zurich has uncovered a new security vulnerability that affects all Intel processors.

This issue is linked to a technology called speculative execution, which allows processors to predict upcoming instructions and execute them in advance to speed up processing.

While this boosts performance, it also opens the door for hackers to exploit the system, potentially gaining access to sensitive data stored in memory.

The vulnerability, named BPRC (Branch Predictor Race Conditions), takes advantage of a tiny gap in time—just a few nanoseconds—when the processor switches between users with different permission levels.

During this brief moment, the CPU’s built-in security measures are not fully synchronized, creating an opportunity for hackers to slip through and read information from the processor’s memory.

This includes both the cache, where data is temporarily stored for quick access, and the RAM, which handles ongoing processing tasks.

The researchers explain that with carefully crafted inputs, hackers can manipulate the prediction process of the CPU.

This manipulation causes confusion during the switch between users, leading to incorrect assignment of permissions.

Essentially, an attacker could exploit this flaw to read a single byte of information—an eight-bit unit of data—from the processor’s memory.

While one byte might seem insignificant, the attack can be repeated thousands of times per second, allowing the hacker to eventually read all the information stored in the CPU’s memory.

In tests, the research team achieved readout speeds of over 5,000 bytes per second. This rapid extraction of data poses a serious threat, especially in cloud environments where many users share the same hardware.

The discovery is the latest in a series of vulnerabilities affecting speculative execution technologies, which were first introduced in the mid-1990s.

In 2017, Spectre and Meltdown brought these risks to public attention, and since then, new weaknesses have been identified regularly.

One such vulnerability, named Retbleed, was uncovered in 2022 by a former Ph.D. student in the ETH Zurich team. It similarly exploited speculative execution to access information from other users on the same processor.

The ETH Zurich researchers began investigating BPRC after analyzing Intel’s protective measures against Retbleed.

During their examination, they noticed a strange signal coming from the cache memory, which remained consistent regardless of the protective settings. Further analysis revealed that this signal was a sign of a deeper flaw in the CPU’s architecture, leading to the discovery of the new vulnerability.

Intel has since released microcode updates to address the issue, which can be applied through BIOS or operating system updates. However, the researchers believe this is part of a broader problem.

“The series of newly discovered vulnerabilities suggests there are fundamental flaws in the architecture,” said Kaveh Razavi, head of the Computer Security Group at ETH Zurich. He emphasized that the gaps need to be found and patched one by one, hinting that more vulnerabilities may be discovered in the future.

For now, users are advised to keep their systems updated with the latest security patches to protect against potential exploitation.
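
As an added example (not code from the ETH Zurich researchers or Intel), the Python sketch below shows one way to confirm on Linux that an updated microcode revision is actually loaded on every logical CPU, by parsing /proc/cpuinfo. The sample input and the minimum-revision table are constructed placeholders; the real minimum revision for a given CPU has to come from Intel's published microcode guidance.

```python
import re

# Constructed sample in /proc/cpuinfo format (not from a real machine).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 151\nstepping\t: 2\nmicrocode\t: 0x2c\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
    "model\t\t: 151\nstepping\t: 2\nmicrocode\t: 0x2e\n"
)

# PLACEHOLDER table (assumption): (family, model, stepping) -> minimum
# fixed microcode revision. Fill in from the vendor's guidance.
MIN_REVISION = {(6, 151, 2): 0x2E}


def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def audit_microcode(text, min_revision):
    """Return (cpu, revision, status) for each Intel logical CPU."""
    findings = []
    for cpu in parse_cpuinfo(text):
        if cpu.get("vendor_id") != "GenuineIntel":
            continue
        sig = tuple(int(cpu[k]) for k in ("cpu family", "model", "stepping"))
        required = min_revision.get(sig)
        raw = cpu.get("microcode")  # field may be absent inside some guests
        rev = int(raw, 16) if raw else None
        if required is None or rev is None:
            status = "unknown"  # no baseline or no revision to compare
        else:
            status = "ok" if rev >= required else "outdated"
        findings.append((int(cpu["processor"]), rev, status))
    return findings


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    for cpu, rev, status in audit_microcode(text, MIN_REVISION):
        print(cpu, hex(rev) if rev is not None else "n/a", status)
```

The per-CPU report matters because a failed or partial update can leave logical CPUs on different revisions, as the constructed sample shows.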

Source: ETH Zurich.