VMware Response to Gather Data Sampling (GDS) - Transient Execution Side-channel vulnerability impacting Intel processors (CVE-2022-40982) - VMware Security Blog

Greetings from the VMware Security Response Center!

On August 8th, 2023, a transient execution side-channel vulnerability impacting Intel processors was disclosed in INTEL-SA-00828.

Described as Gather Data Sampling (GDS) and identified by CVE-2022-40982, this vulnerability has been classified as Moderate in severity with a CVSSv3.1 base score of 6.5.

VMware hypervisors may be impacted by CVE-2022-40982 if they are utilizing an impacted Intel processor, but hypervisor patches are not required to resolve the vulnerability.

It is our recommendation that organizations using VMware hypervisors review INTEL-SA-00828 to determine if their Intel processor family is impacted by CVE-2022-40982. Impacted organizations should contact their hardware vendors for a firmware update if one is not already available.

Why CISOs Should Invest More Inside Their Infrastructure

Serpent - The Backdoor that Hides in Plain Sight

How Not to Build a SOC

Podcast: Discussing the latest security threats and threat actors - Tom Kellermann (Virtually Speaking)

VMware Response to Gather Data Sampling (GDS) – Transient Execution Side-channel vulnerability impacting Intel processors (CVE-2022-40982)

Related Articles