Posted on 22.8.2023

New Intel CPU vulnerability GDS/Downfall

On August 8, 2023, Intel published a new security vulnerability that exploits Gather Data Sampling (GDS). Named Downfall by its discoverer, it impacts multiple generations of Intel processors used in both personal and cloud computers. Downfall is a transient execution side-channel vulnerability that targets a critical weakness found in many modern Intel processor models.

Following the publication of the new vulnerability affecting a subsection of our cloud infrastructure, we began to evaluate and implement the microcode update to mitigate the vulnerability.

No actions are required from customers.


This vulnerability, identified as CVE-2022-40982 with a CVSS Base Score of 6.5 Medium, allows malicious software to possibly infer data previously stored in vector registers used by either the same thread or the sibling thread on the same physical CPU core. In cloud infrastructure, an exploiter could use the Downfall vulnerability to steal data and credentials from other customers who share the same compute host.

Similar to data sampling transient execution attacks like Microarchitectural Data Sampling (MDS), the Downfall vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

These registers may have been used by other security domains such as other Cloud Servers, the operating system kernel, or Intel Software Guard Extensions (Intel SGX) enclaves. This allows untrusted software to access data stored by other programs, which should not normally be accessible.


Downfall defeats fundamental security boundaries in most Intel-based systems and is effectively a successor to previous data-leaking vulnerabilities in Intel CPUs including Meltdown and Fallout (AKA MDS). Mitigations applied to the previous vulnerabilities are ineffective against Downfall.

Accompanied by the release, Intel has provided a microcode update to mitigate GDS, and no software changes are required to enable the mitigation. We have applied the updates across our cloud infrastructure without interruptions or action required from our customers.

Intel has acknowledged that their microcode mitigation for Downfall has the potential to impact performance where gather instructions are used in performance-critical applications. Performance impact might be most visible in certain single-thread/CPU tasks that explicitly use the AVX512 instructions – mostly with cryptographic operations like video encoding/transcoding. Intel has not relayed any estimated performance impact claims from this mitigation.

As always, we highly recommend all our users keep their Cloud Servers up to date on security updates provided by your operating system vendor.

Should you have any questions or concerns, please don’t hesitate to contact our support team.

Janne Ruostemaa


Thrilling milestones on the roadmap for the year 2020

The start of a new year, and a new decade at that, brings much for us to be excited about. Not only did we recently announce our largest investment round to date but we are already busy putting the funding to good use! Team UpCloud is going to be growing substantially in the coming months as […]

Vision and culture

UpCloud’s development roadmap: What to look forward to in 2021

The year has turned, and UpCloud welcomes you to 2021, ready again to show you what the best cloud infrastructure can offer for your business. The last year has proven the capabilities of our brand, products and most importantly, the strength of our teams. We’ve been happy to see many new users coming and staying […]


Vision and culture

Bigger Is Not Necessary Better: AWS vs. UpCloud

One of the most common questions our customers ask us is that how we can compete with the likes of Amazon Web Services (AWS) on price as they have economies of scale on their side.


Back to top