| Disclosure date: 2025-05-13 Published date: 2025-05-21 |
 Severity rating: 5.6 Medium |
Industry-wide severity ratings can be found in the National Vulnerability Database |
Related Content
Aliases
- Branch Privilege Injection
Overview
Researchers from ETH Zurich reported that on Intel processors which support enhanced IBRS, some indirect branch predictor updates may be delayed until after mode switches (such as user to supervisor mode) or after branch predictor barriers. This behavior causes no functional issues but can impact hardware mitigations for Branch Target Injection (Spectre v2).
Intel is providing a microcode update to resolve this Indirect Branch Predictor Delayed Update issue on the impacted processors, so the branch target injection hardware mitigation can be effective as expected. For this microcode update, Intel's performance tests conclude that standard benchmarks are within normal run-to-run variation. Certain microbenchmarks with a high number of back-to-back system calls show a performance impact; however, such microbenchmarks do not reflect real world workloads.
Refer to the consolidated affected processors table for a list of processors which may be affected. Indirect branch predictor delayed updates is assigned CVE-2024-45332 with CVSS Base Score 5.6 Medium CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N.