Researchers from ETH Zurich have discovered Branch Privilege Injection, a bug in hardware prediction-domain isolation whereby an attacker can cause predictions to be tagged with the wrong mode/privilege, and then use the incorrectly-tagged predictions to mount traditional Spectre-v2 attacks.
For more details, see: https://comsec.ethz.ch/bprc https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html Intel are releasing microcode to address as part of IPU 2025.2. There are no software mitigations available. https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512 ~Andrew, on behalf of the Xen Security Team.
