Security vulnerability: Branch Privilege Injection aka CVE-2024-45332
This document (000021844) is provided subject to the disclaimer at the end of this document.
Environment
For a complete list of affected products please review the SUSE Security announcement.
Situation
Security researchers at ETH Zurich found a new Spectre v2 transitional execution attack in Intel CPUs.
By exploiting Branch Predictor Race Conditions (BPRC), where some branch predictions persist over switching privilege boundaries in the processor, it allowed attackers from lower privileged processes to read data of higher privileged ones.
Resolution
Existing mitigations need to be enhanced by updated Intel CPU Microcode, release 20250512 or higher.
Status
Additional Information
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/
https://www.suse.com/security/cve/CVE-2024-45332
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000021844
- Creation Date: 20-May-2025
- Modified Date:20-May-2025
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
