Support Content Notification - Support Portal

Branch Predictor Race Conditions (CVE-2024-45332)

Product/Component

Brocade Directors

5 more products

Notification Id

25726

Last Updated

14 May 2025

Initial Publication Date

14 May 2025

Status

CLOSED

Severity

LOW

CVSS Base Score

5.7 - CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

WorkAround

Affected CVE

CVE-2024-45332

Brocade Security Advisory ID	BSA-2024-2994
Component	CPU

Summary

Brocade is aware of Branch Privilege Injection: Exploiting Branch Predictor Race Conditions vulnerability (CVE-2024-45332).

Detail

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

FAQ By the Researchers

1. All intel processors since the 9th generation (Coffee Lake Refresh) are affected by Branch Privilege Injection. However, the researchers claimed to have observed predictions bypassing the Indirect Branch Prediction Barrier (IBPB) on processors as far back as 7th generation (Kaby Lake).

2. Does Branch Privilege Injection affect non-Intel CPUs?
No. The resaerchers'analysis has not found any issues on the evaluated AMD and ARM systems.

3. Are only Linux systems affected?
The researchers suggested that they have built the proof-of-concept attack specifically for Linux, the underlying issue is present in the hardware. Any operating system running on affected hardware is therefore also affected by Branch Privilege Injection.

Products Affected

Brocade Product Security has determined that the vulnerability doesn't affect any currently supported Brocade Fibre Channel Product from Broadcom. [VEX code: Component_not_present]

Statement on Brocade SANnav, Brocade ASCG, Brocade Support Link.

Brocade SANnav, Brocade ASCG, Brocade Support Link are Not Affected. However, the hardwares that host these Brocade Fibre Channel Products from Broadcom are not under Brocade's direct control. Brocade recommends customers follow their hardware vendors' advisories and recommendations for updates and security patches.

Revision History

Version	Change	Date
1.0	Initial Publication	May 14, 2025

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.