UpCloud
Effortless global cloud infrastructure for SMBs
Introducing
If you’re interested in what we have to offer, contact sales or fill out a contact form.
Our support live chat is available for our customers 24/7. You can also email our support team.
Send us an email to give feedback or to say hello.
Start a new journey
Why Partner with UpCloud?
I’ve been passionate about the hosting industry since 2001. Before founding UpCloud, my first company grew to become one of Finland’s largest shared web hosting providers, serving over 30,000 customers. Along the way, I faced the same challenges many of you know well—24/7 on-call responsibilities, solving technical issues, and managing customer inquiries.
At UpCloud, we’ve designed a platform that solves these challenges, offering reliability, scalability, and unparalleled support. We understand the pressures you face because we’ve been there too. Partner with us, and let’s help you focus on growing your business while we handle the rest.
Sincerely, Joel Pihlajamaa CTO, Founder
Login
Sign up
Posted on 22.8.2023
On August 8, 2023, Intel published a new security vulnerability that exploits Gather Data Sampling (GDS). Named Downfall by its discoverer, it impacts multiple generations of Intel processors used in both personal and cloud computers. Downfall is a transient execution side-channel vulnerability that targets a critical weakness found in many modern Intel processor models.
Following the publication of the new vulnerability affecting a subsection of our cloud infrastructure, we began to evaluate and implement the microcode update to mitigate the vulnerability.
No actions are required from customers.
This vulnerability, identified as CVE-2022-40982 with a CVSS Base Score of 6.5 Medium, allows malicious software to possibly infer data previously stored in vector registers used by either the same thread or the sibling thread on the same physical CPU core. In cloud infrastructure, an exploiter could use the Downfall vulnerability to steal data and credentials from other customers who share the same compute host.
Similar to data sampling transient execution attacks like Microarchitectural Data Sampling (MDS), the Downfall vulnerability is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.
These registers may have been used by other security domains such as other Cloud Servers, the operating system kernel, or Intel Software Guard Extensions (Intel SGX) enclaves. This allows untrusted software to access data stored by other programs, which should not normally be accessible.
Downfall defeats fundamental security boundaries in most Intel-based systems and is effectively a successor to previous data-leaking vulnerabilities in Intel CPUs including Meltdown and Fallout (AKA MDS). Mitigations applied to the previous vulnerabilities are ineffective against Downfall.
Accompanied by the release, Intel has provided a microcode update to mitigate GDS, and no software changes are required to enable the mitigation. We have applied the updates across our cloud infrastructure without interruptions or action required from our customers.
Intel has acknowledged that their microcode mitigation for Downfall has the potential to impact performance where gather instructions are used in performance-critical applications. Performance impact might be most visible in certain single-thread/CPU tasks that explicitly use the AVX512 instructions – mostly with cryptographic operations like video encoding/transcoding. Intel has not relayed any estimated performance impact claims from this mitigation.
As always, we highly recommend all our users keep their Cloud Servers up to date on security updates provided by your operating system vendor.
Should you have any questions or concerns, please don’t hesitate to contact our support team.
See all posts
July 25, 2023
Yesterday, on the 24th of July 2023, Google Project Zero published their findings of a new flaw in AMD’s Zen 2 processors. The vulnerability titled ‘Zenbleed’ affects the entire Zen 2 product stack, from AMD’s EPYC data center processors to the Ryzen 3000 CPUs. It can be exploited to steal sensitive data stored in the […]
August 17, 2018
Intel recently shared information about a newly identified vulnerability in their processors. It concerns a speculative execution side-channel method that Intel calls L1 Terminal Fault or L1TF for short. The vulnerability was discovered by two independent groups of researchers who have titled it Foreshadow. L1TF aka Foreshadow The Foreshadow vulnerability (CVE-2018-3615) is an exploit on the speculative execution […]
April 22, 2015
One of the most common questions our customers ask us is that how we can compete with the likes of Amazon Web Services (AWS) on price as they have economies of scale on their side.