News + Trends
This is why your Core Ultra 200S CPU slows down your SSD
by Kevin Hofer
New security vulnerabilities threaten Intel and Arm processors
14.5.2025
Translation: machine translated
Researchers have uncovered two serious security vulnerabilities that affect both Intel and Arm chips. Intel is responding with the first microcode patches, which are being rolled out via firmware updates, while the first software patches have also been implemented for Linux.
Two independent teams from Vrije University Amsterdam and ETH Zurich have found new vulnerabilities in current processors. The first, «Training Solo», is based on the known Spectre v2 vulnerability and affects Intel and Arm processors. The second vulnerability, «Branch Privilege Injection», only affects Intel CPUs.
Spectre v2 returns: Training Solo
The vulnerability «Training Solo» was discovered by researchers at Vrije University Amsterdam and shows that even sophisticated Spectre v2 protection measures can be circumvented. This involves manipulating the jump prediction within a single security domain so that data worthy of protection can be read.
Affected are all Intel CPUs based on the Skylake microarchitecture - such as Tiger Lake, Lion Cove, Raptor Lake and the new Core Ultra 200 models (Arrow Lake and Lunar Lake). Arm-based processors are also said to be affected - it is currently unclear exactly which ones.
In Training Solo, several new hardware vulnerabilities - including CVE-2024-28956, CVE-2025-24495 or CVE-2025-20012 - to undermine the isolation between the security domains. Even if software mitigation solutions such as Linux kernel patches (e.g. via Indirect Target Selection, ITS) have already been implemented, the root of the problem lies in the microarchitecture of the affected CPUs.
Branch Privilege Injection: New threat only for Intel processors
The vulnerability «Branch Privilege Injection» was identified by researchers at ETH Zurich and only affects Intel processors. This exploits a race condition when updating the jump prediction so that privileged memory areas can be read.
All Intel CPUs from Skylake (Q3 2015) to current models such as Raptor Lake are put to the test. Here, too, an internal hardware design error in the microarchitecture is to blame, which must be rectified by corresponding microcode and software updates.
What users can do
Intel has already released the first microcode updates, which are distributed via UEFI updates from the motherboard manufacturers.
In a statement, the company writes: «Intel is strengthening its Spectre v2 hardware protection measures and recommends that customers contact their system manufacturer for an update. To date, Intel is not aware of any real-world exploits of transient execution vulnerabilities.»
While these updates are already being tested for Branch Privilege Injection, no comprehensive solution yet exists for Training Solo - apart from the Linux kernel patches already integrated. It is advisable to regularly check for the latest firmware updates.
Header image: Shutterstock
Martin Jud
Senior Editor
martin.jud@digitecgalaxus.chI find my muse in everything. When I don’t, I draw inspiration from daydreaming. After all, if you dream, you don’t sleep through life.
Computing
Follow topics and stay updated on your areas of interest
31 comments
later