Greetings from the VMware Security Response Center!
On August 8th, 2023, a transient execution side-channel vulnerability impacting Intel processors was disclosed in INTEL-SA-00828.
Described as Gather Data Sampling (GDS) and identified by CVE-2022-40982, this vulnerability has been classified as Moderate in severity with a CVSSv3.1 base score of 6.5.
VMware hypervisors may be impacted by CVE-2022-40982 if they are utilizing an impacted Intel processor, but hypervisor patches are not required to resolve the vulnerability.
It is our recommendation that organizations using VMware hypervisors review INTEL-SA-00828 to determine if their Intel processor family is impacted by CVE-2022-40982. Impacted organizations should contact their hardware vendors for a firmware update if one is not already available.
