Professional Documents
Culture Documents
Security Advisory 0028
Security Advisory 0028
August 2023
CVE-2022-40982
Version: 1.12
Summary
A newly announced Intel processor vulnerability, also known as "Downfall," leverages a
flaw in the memory optimization features in some Intel processors that can, under the
proper circumstances, disclose hardware registers to software.
Impact
If exploited, and under specific circumstances, certain Intel processors can leak hardware
register data during the Speculative Execution of software. If collected, this could allow
an attacker to obtain sensitive information when in a multi-tenant scenario.
Affected Products
This document will be updated with information as it is obtained, and should be
considered the single source of content. Please check the Nutanix Support Portal for the
latest update.
Nutanix Products
Product Fix Release
AHV Tentatively targeted for 6.8 release. ETA
pending
Note: AHV software mitigation is only required if BIOS mitigation has not yet been
applied.
Nutanix, Inc.
Tel +1-855-688-2549 • Fax +1-408-916-4039 • Email info@nutanix.com
© 2023 Nutanix, Inc. All Rights Reserved
Hardware
For hardware platforms other than the Nutanix NX series we recommend you consult
with the hardware manufacturer for up to date information. Links, when available, will be
referenced below.
Nutanix, Inc.
Tel +1-855-688-2549 • Fax +1-408-916-4039 • Email info@nutanix.com
© 2023 Nutanix, Inc. All Rights Reserved
Sources
Intel 2023.3 IPU Advisory -
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
National Vulnerability Database (NVD) - https://nvd.nist.gov/vuln/detail/CVE-2022-40982
MITRE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40982
Red Hat - https://access.redhat.com/solutions/7027704
VMware - https://blogs.vmware.com/security/2023/08/cve-2022-40982.html
Dell XC -
https://www.dell.com/support/kbdoc/en-us/000216580/dsa-2023-206-security-update-for-
dell-poweredge-server-for-intel-august-2023-security-advisories-2023-3-ipu
Lenovo HX - https://support.lenovo.com/us/en/product_security/LEN-134879#ThinkAgile
Fujitsu XF -
https://security.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-ISS-IS-2023-031500-S
ecurity-Advisory.asp?lng=com
HPE DX -
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf0451
8en_us
HPE DL -
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf0450
7en_us
Intel DCS - Not yet available
Cisco Series M6 - https://bst.cisco.com/bugsearch/bug/CSCwf30460
Microsoft Platform(s) -
https://support.microsoft.com/en-us/topic/kb5029778-how-to-manage-the-vulnerability-a
ssociated-with-cve-2022-40982-d461157c-0411-4a91-9fc5-9b29e0fe2782
Support
If you have questions, please open a case with Nutanix Support at
http://portal.nutanix.com or by calling Support at the phone number on the website
http://www.nutanix.com/support.
Nutanix, Inc.
Tel +1-855-688-2549 • Fax +1-408-916-4039 • Email info@nutanix.com
© 2023 Nutanix, Inc. All Rights Reserved
Revision History
Version Section Date
Nutanix, Inc.
Tel +1-855-688-2549 • Fax +1-408-916-4039 • Email info@nutanix.com
© 2023 Nutanix, Inc. All Rights Reserved