On August 8th, 2023, Intel disclosed a vulnerability in its recent computer processor microarchitecture. This vulnerability, known as "Gather Data Sampling (GDS)" or "Downfall", may allow an attacker to obtain sensitive information from a system. This vulnerability is assigned CVE ID as CVE-2022-40982 and has been given a medium severity by Intel.
CVE-2022-40982 is a transient execution side-channel vulnerability that affects Intel® Core processors from the 6th Generation (Skylake) to the 11th Generation (Tiger Lake). It allows an attacker with local access to infer stale data from previously used vector registers on the same physical core. A detailed description can be found in the “Downfall: Exploiting Speculative Data Gathering” paper.
If an attacker is able to exploit this vulnerability, they could potentially exfiltrate information contained within different security contexts (i.e., other virtual machines or even the host device).
IONOS Cloud is committed to the privacy and security of our customers' data. We are aware of this vulnerability and have already initiated the required steps to mitigate this vulnerability. We are also investigating the exposure and risk of this vulnerability for our customer’s products and instances.
We will provide necessary updates as we learn more.
If you have further questions or concerns about this vulnerability, please contact our customer support team.
The Vulnerability Register reports security vulnerabilities affecting IONOS Cloud products and services. The information provided is part of an ongoing effort to help you manage security risks and protect your systems.
| CVE ID | CVSS Base score | Severity | Is Patch available | Patch Deployed on | Patch Responsibility |
|---|---|---|---|---|---|
Disclaimer: Please note that you will leave our site by clicking on external links. We do not have control over the content or availability of the linked websites, nor do we endorse or guarantee their accuracy, relevance, or completeness. We are not responsible for any issues from accessing or using these external websites, and we recommend reviewing the terms and privacy policies.
We highly recommend using the NIST (National Institute of Standards and Technology) public vulnerability database as an invaluable resource for your security efforts. The NIST public vulnerability database provides comprehensive information on known vulnerabilities, including detailed descriptions, severity ratings, and mitigation strategies.
For third-party dependant assets and services provided by IONOS Cloud, we recommend that you closely monitor the below external resources for the latest security-related information.
| Product | Asset | Vulnerability Register |
|---|---|---|
| Product | Asset | Vulnerability Register |
|---|---|---|
To stay informed about the latest security vulnerabilities affecting various software, operating systems, and network components, regularly monitoring and referencing the above resources are crucial. By doing so, you can proactively assess and address potential security risks within your infrastructure.
6.5
Medium
Yes
14.08.2023
IONOS Cloud
Images & Snapshots
Windows Images
Images & Snapshots
Ubuntu Images
Images & Snapshots
Debian Images
Images & Snapshots
AlmaLinux Images
Images & Snapshots
Rocky Linux Images
Images & Snapshots
RHEL Images
Images & Snapshots
ClearOS Images
Images & Snapshots
Microsoft SQL Server Images
Managed Kubernetes
Kubernetes resources
Managed Backup
Backup Agent
Database as a Service
PostgreSQL resources
Database as a Service
MongoDB resources