Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection

[Andrew Cooper <andrew.cooper3 () citrix com>]

Researchers from ETH Zurich have discovered Branch Privilege Injection,
a bug in hardware prediction-domain isolation whereby an attacker can
cause predictions to be tagged with the wrong mode/privilege, and then
use the incorrectly-tagged predictions to mount traditional Spectre-v2
attacks.

For more details, see:
https://comsec.ethz.ch/bprc
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01247.html

Intel are releasing microcode to address as part of IPU 2025.2.  There
are no software mitigations available.

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250512

~Andrew, on behalf of the Xen Security Team.