VUSec reveal 'Training Solo', more security issues for Intel and Arm CPUs

By Liam Dawe - 12 May 2025 at 5:42 pm UTC
Last updated: 12 May 2025 at 5:43 pm UTC

Researchers at VUSec have revealed what they're calling "Training Solo", a set of security issues across Intel and Arm CPUs that sound pretty annoying and serious.

It's all thoroughly complicated stuff, so they've included a TL;DR (too long; didn't read) in the project post:

We present Training Solo, the first systematic analysis of self-training Spectre-v2 attacks that break the core assumption behind domain isolation—even when implemented perfectly. Our work shows that attackers can speculatively hijack control flow within the same domain (e.g., kernel) and leak secrets across privilege boundaries, re-enabling classic Spectre-v2 scenarios without relying on powerful sandboxed environments like eBPF. We created a new test-suite to analyze the branch predictor in a self-training scenario.

We present three new classes of self-training Spectre-v2 attacks, backed by two end-to-end exploits on recent Intel CPUs that leak kernel memory at up to 17 KB/sec. Along the way, we uncovered two new hardware issues (CVE-2024-28956 and CVE-2025-24495) that completely break the domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks.

Going over the blog post they list the three different issues and what generations of CPUs they affect:

History-based attacks: "Affected: All Intel CPUs with eIBRS, including Intel’s latest generation Lion Cove which features the BHI_NO feature. Selected ARM CPUs, see vendor website".
Indirect Target Selection (ITS) (CVE-2024-28956): "Affected: Intel Core 9th-11th, Intel Xeon 2nd-3rd".
Lion Cove BPU issue (CVE-2025-24495): "Affected: Intel CPUs with Lion Cove core (Lunar Lake / Arrow Lake)".

Best make sure you check for some updates soon. You'll need a mixture of Linux kernel updates and firmware for this.

See all the details in their website post.

Article taken from GamingOnLinux.com.

Tags: Security, ARM, Hardware, Intel, Misc

3 Likes

About the author - Liam Dawe

I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me

Some you may have missed, popular articles from the last month:

EA rebrand and refresh their anti-cheat into EA Javelin Anticheat, still blocks Linux / Steam Deck

Detective Dotson is a mystery adventure that's a love letter to India worth exploring out now

SteamOS 3.7.5 for Steam Deck now in Beta with big upgrades and initial support for more hardware

The UPERFECT UColor O2 is a brilliant portable monitor

You can also find comments for this article on social media: Mastodon

All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.

No comments yet!

While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations:

PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!