CPU vulnerabilities

Affected product: Newer Intel/AMD CPUs + some IBM POWERS & some ARM-based CPU

Impact: Attacker can see information that they are not supposed to see.

CVE-ID: CVE-2017-5754 (Meltdown) CVE-2017-5753 (Spectre-V1) CVE-2017-5715 (Spectre-V2) CVE-2022-40982 (Downfall and Zenbleed)

Disclosure date: 20180105 Spectre & Meltdown 20230808 Downfall & Zenbleed

Recommended action: Be aware of your cloud provider might use CPUs that are vulnerable of such attacks, exposing sensitive information to other tenants.

Noteworthy: Due to the fact these vulnerabilities exploits modern processors that uses speculative/predictive execution.

References

Meltdown and Spectre

Cloudfare blog

Spectre and Meltdown explained: A comprehensive guide for professionals

Downfall and Zenbleed

Downfall Attacks

Zenbleed

AWS response to CVE-2022-40982 - Gather Data Sampling - Downfall

MS Azure response to CVE-2022-40982

GCP response to CVE-2022-40982