{
  "threat_severity" : "Moderate",
  "public_date" : "2023-08-08T06:30:00Z",
  "bugzilla" : {
    "description" : "hw: Intel: Gather Data Sampling (GDS) side channel vulnerability",
    "id" : "2223949",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2223949"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-11-21T00:00:00Z",
    "advisory" : "RHSA-2023:7424",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.105.1.rt56.1256.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-11-21T00:00:00Z",
    "advisory" : "RHSA-2023:7423",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.105.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2024-05-23T00:00:00Z",
    "advisory" : "RHSA-2024:3319",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "kernel-0:3.10.0-1062.88.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:6901",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7077",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-513.5.1.el8_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1268",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.128.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1269",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.128.1.rt13.179.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1268",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.2",
    "package" : "kernel-0:4.18.0-193.128.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1268",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.2",
    "package" : "kernel-0:4.18.0-193.128.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0562",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.120.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0563",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.4::nfv",
    "package" : "kernel-rt-0:4.18.0-305.120.1.rt7.196.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0562",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.4",
    "package" : "kernel-0:4.18.0-305.120.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "release_date" : "2024-01-30T00:00:00Z",
    "advisory" : "RHSA-2024:0562",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.4",
    "package" : "kernel-0:4.18.0-305.120.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-01-25T00:00:00Z",
    "advisory" : "RHSA-2024:0412",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kernel-0:4.18.0-372.87.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "release_date" : "2023-11-28T00:00:00Z",
    "advisory" : "RHSA-2023:7539",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.8",
    "package" : "kernel-0:4.18.0-477.36.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6583",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-362.8.1.el9_3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-12T00:00:00Z",
    "advisory" : "RHSA-2024:1250",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "kernel-0:5.14.0-70.93.2.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2024-03-13T00:00:00Z",
    "advisory" : "RHSA-2024:1306",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.93.1.rt21.165.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2023-11-21T00:00:00Z",
    "advisory" : "RHSA-2023:7370",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.40.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2023-11-21T00:00:00Z",
    "advisory" : "RHSA-2023:7379",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.40.1.rt14.325.el9_2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2024-01-25T00:00:00Z",
    "advisory" : "RHSA-2024:0412",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.87.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-40982\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40982\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" ],
  "name" : "CVE-2022-40982",
  "mitigation" : {
    "value" : "The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.",
    "lang" : "en:us"
  },
  "csaw" : false
}