Sunday, June 15, 2025
New Security Flaw Affects All Intel Processors Made in the Last Six Years

by Charline

A new class of security flaws in Intel processors, known as Branch Predictor Race Conditions (BPRC), has been discovered. These vulnerabilities allow attackers to extract sensitive data from the memory and cache of other users who share the same hardware.

The flaw impacts all Intel chips released in the past six years. This includes processors used in personal devices and cloud servers. The vulnerability takes advantage of speculative execution, a feature meant to speed up processing by predicting future instructions.

Researchers at ETH Zurich’s Computer Security Group (COMSEC) showed that hackers can use BPRC to bypass system-level security and read memory they shouldn’t have access to. They demonstrated that attackers could steal data at speeds over 5,000 bytes per second.

This issue is especially dangerous in cloud environments where multiple users share the same physical hardware. In these settings, the risk of one user accessing another’s data becomes much greater.

How Speculative Execution Leads to Security Risks

Modern CPUs use speculative execution to keep systems running fast. By predicting code paths, such as the outcome of an “if” statement, processors can work ahead without waiting for data to load.

However, this approach opens the door to side-channel attacks. These occur when hackers observe patterns in how the CPU behaves during speculation and use those patterns to infer private information.

According to Kaveh Razavi, head of COMSEC, speculative execution can “undermine data security” by creating tiny time gaps in security checks when the processor switches users.

BPRC: A New Addition to a Growing List of CPU Flaws

BPRC is the latest in a series of similar vulnerabilities, following Spectre, Meltdown, and Retbleed. All of them exploit speculative execution to access protected memory. These recurring issues show how difficult it is to balance speed and security in CPU design.

The discovery of BPRC came during follow-up research on Retbleed. Former ETH Zurich PhD student Johannes Wikner found unusual cache signals that persisted even after Intel released fixes for Retbleed.

Further analysis by lead researcher Sandro Rüegge revealed the cause: a race condition lasting just nanoseconds. During user or process switches, the CPU briefly delays updating security permissions. In that tiny window, speculative instructions may run with outdated privileges.

Hackers can exploit this by inserting code that runs during the delay, giving them access to memory they shouldn’t see. Each attack can extract one byte of data, but running the attack repeatedly can steal thousands of bytes per second.

Cloud Systems at Greater Risk

Cloud services are especially at risk because many customers share the same hardware. If a hacker compromises one virtual machine (VM), they could read data from others on the same server, bypassing usual security barriers.

Intel’s Xeon chips used in cloud data centers are vulnerable, as are processors in edge computing systems and some IoT devices using Intel Atom or Core series chips.

Intel’s Response and the Road Ahead

Intel released microcode updates in late 2024 to reduce the risk from BPRC. These require BIOS or operating system-level updates to take effect.

But Razavi warns that such patches are temporary solutions. “The series of newly discovered vulnerabilities in speculative technologies indicates fundamental architectural flaws,” he said.

Each fix slows down the processor, which defeats the purpose of using speculative execution for speed in the first place.

Users are advised to install the latest updates for Windows, Linux, and firmware. Cloud providers must also apply patches to hypervisors and host systems without delay.
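Because the microcode fix only takes effect once the BIOS or operating system actually loads it, a host can be "patched" on paper and still run old microcode. The following check is an added example, not code from the researchers or from Intel: it reads the microcode revision each logical CPU is running on Linux and the kernel's own mitigation report. The baseline revision and the sample `/proc/cpuinfo` text are constructed placeholders; the real baseline is specific to each CPU model and must come from the vendor's advisory.

```python
from pathlib import Path

# Constructed /proc/cpuinfo excerpt (two logical CPUs, values made up).
SAMPLE_CPUINFO = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\nmicrocode\t: 0x2b\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\nmicrocode\t: 0x2a\n"
)

def microcode_revisions(cpuinfo_text):
    """Return {logical_cpu: revision} parsed from /proc/cpuinfo text."""
    revs, cpu = {}, None
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "processor":
            cpu = int(value)
        elif key == "microcode" and cpu is not None:
            revs[cpu] = int(value, 16)
    return revs

def audit(cpuinfo_text, min_revision):
    """Compare running revisions with an operator-supplied baseline."""
    revs = microcode_revisions(cpuinfo_text)
    findings = []
    if not revs:
        findings.append("no microcode field found")
    if len(set(revs.values())) > 1:
        # Typical after a partial late load or a mixed-firmware system.
        findings.append("mixed microcode revisions across logical CPUs")
    stale = sorted(c for c, r in revs.items() if r < min_revision)
    if stale:
        findings.append(f"CPUs below baseline 0x{min_revision:x}: {stale}")
    return findings

def kernel_mitigation_status(sysfs=Path("/sys/devices/system/cpu/vulnerabilities")):
    """Return {issue: status} as reported by the running Linux kernel."""
    if not sysfs.is_dir():
        return {}
    return {p.name: p.read_text().strip() for p in sorted(sysfs.iterdir())}

if __name__ == "__main__":
    BASELINE_PLACEHOLDER = 0x2B  # placeholder, not a real Intel revision
    proc = Path("/proc/cpuinfo")
    text = proc.read_text() if proc.exists() else SAMPLE_CPUINFO
    for finding in audit(text, BASELINE_PLACEHOLDER) or ["microcode at or above baseline"]:
        print("microcode:", finding)
    for issue, status in kernel_mitigation_status().items():
        print(f"{issue}: {status}")
```

An empty findings list only means the running revision meets the baseline you supplied; run the check after a reboot, since that is when firmware and early-boot microcode loading apply.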

However, as with earlier flaws, full protection might only come from redesigned hardware. This is a difficult challenge, especially since so many systems still rely on older x86-based designs.


© 2024 Copyright  proxyserverpro.com