Branch Privilege Injection: Exploiting Branch Predictor Race Conditions
May 21, 2025
Branch Privilege Injection (CVE-2024-45332) brings back the full might of branch target injection attacks (Spectre-BTI) on Intel. Intel’s hardware mitigations against these types of attacks have held their ground for almost 6 years. In our work, we demonstrate how these mitigations can be broken due to a race condition in Intel CPUs.
https://comsec.ethz.ch/research/microarch/branch-privilege-injection/