CVE-2022-40982

Vulnerability Profile Updated 3 months ago
CVE-2022-40982, also known as "Downfall," is a significant software vulnerability discovered in Intel processors. Revealed by Google researchers, this side-channel attack targets memory optimization within Intel Core processors from the 6th to 11th generations and Intel Xeon x86-64 CPUs from the 1st through 4th generations. The flaw exposes these chips to potential security breaches via local access, putting a vast range of devices at risk.

The Downfall vulnerability was publicly disclosed on August 8, 2023, following intensive research and analysis. It is part of a series of newly discovered vulnerabilities affecting CPUs, including Zenbleed (CVE-2023-20593), which affects AMD's Zen 2 architecture-based processors, as well as Collide+Power (CVE-2023-20583) and Inception (CVE-2023-20569). These vulnerabilities represent a broad spectrum of threats to CPU security, with Downfall being particularly concerning due to its impact on widely used Intel processors.

Also known as Gather Data Sampling (GDS), Downfall presents a serious challenge to the security of affected Intel processors. The vulnerability lies in the design and implementation of the software, creating a potential avenue for attackers to exploit. As such, it is critical for users of the affected processors to apply any available patches or updates to mitigate the risk associated with this vulnerability.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Zenbleed | 1 | Zenbleed is a significant vulnerability discovered in AMD processors, specifically those in the Ryzen 3000, 4000, 5000, and 7000 series. This flaw in software design or implementation was named Zenbleed due to its ability to expose sensitive data such as cryptographic keys, runtime data, and arbitra
Gather Data Sampling Gds | 1 | Gather Data Sampling (GDS) is a significant vulnerability, also known as Downfall (CVE-2022-40982), affecting the 6th through 11th generations of consumer chips and the 1st through 4th generations of Xeon Intel x86-64 CPUs. The flaw impacts memory optimization features in these processors and allows
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
amd
Vulnerability
Debian
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-20569 | Unspecified | 1 | CVE-2023-20569, a software vulnerability also known as "Inception", was discovered and disclosed by ETH Zurich academics. This flaw in software design or implementation potentially leads to information disclosure. The vulnerability is named "Inception" in reference to the Christopher Nolan film abou
CVE-2023-20583 | Unspecified | 1 | None
cve-2023-20593 | Unspecified | 1 | CVE-2023-20593, also known as Zenbleed, is a software vulnerability discovered in AMD's Zen2 processors. This flaw in software design or implementation was announced today and has been identified as a Cross-Process Information Leak. The vulnerability arises from mishandling of the 'vzeroupper' instr
Inception Cve-2023-20569 | Unspecified | 1 | None
Collide+power Cve-2023-20583 | Unspecified | 1 | None
Source Document References
Information about the CVE-2022-40982 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 6 months ago | CentOS 7 update for kernel
CERT-EU | 9 months ago | Intel knew AVX chips were insecure and did nothing – lawsuit
CERT-EU | 8 months ago | RedHat Linux Kernel Multiple Vulnerabilities
CERT-EU | 8 months ago | Intel Faces 'Downfall' Bug Lawsuit
CERT-EU | 8 months ago | Chip Buyers Sue Intel Over Downfall Vulnerability
CERT-EU | 8 months ago | Intel knew about the Downfall CPU vulnerability but did nothing for five years, a new class action claims
CERT-EU | 9 months ago | Intel Faces 'Downfall' Bug Lawsuit, Seeking $10K per Plaintiff
CERT-EU | 9 months ago | Linux Kernel 6.6 is Here: Find Out What’s New
CERT-EU | 9 months ago | Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Exposure Function
CERT-EU | 9 months ago | GovCERT.HK - Security Alerts
CERT-EU | 10 months ago | Vulnerability Bulletins
CISA | 10 months ago | Siemens SIMATIC IPCs | CISA
CERT-EU | 10 months ago | Information disclosure in Siemens SIMATIC IPCs
CERT-EU | 10 months ago | Ubuntu 6357-1: Linux kernel (IBM) vulnerabilities | LinuxSecurity.com
CERT-EU | a year ago | With UEFI, TPM, Pluton Etc. Microsoft and Intel/AMD Trashed an Entire Generation of Computers, Made Security a Lot Worse in Order to Curtail GNU/Linux and BSD Adoption
CERT-EU | a year ago | Ubuntu 6315-1: Linux kernel vulnerabilities | LinuxSecurity.com
CERT-EU | a year ago | Mageia 2023-0251: kernel-linus security update | LinuxSecurity.com
CERT-EU | a year ago | Companies Respond to ‘Downfall’ Intel CPU Vulnerability
CERT-EU | a year ago | Recapping the top stories from Black Hat and DEF CON
CERT-EU | a year ago | 'Downfall' and Intel Macs: What you need to know about the flaw and fix