Publication Date: 2023/08/08 1:00 PM PDT AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services protect customer data against GDS
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
Publication Date: 2023/08/08 11:30AM PDT AWS is aware of CVE-2023-20569, also known as “RAS Poisoning” or “Inception”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services, protect customer data against Inception
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-006/
Greetings from the VMware Security Response Center! On August 8th, 2023, a transient execution side-channel vulnerability impacting Intel processors was disclosed in INTEL-SA-00828. Described as Gather Data Sampling (GDS) and identified by CVE-2022-40982, this vulnerability has been classified as Moderate in severity with a CVSSv3.1 base score of 6.5. VMware hypervisors may be impacted by … ContinuedThe post VMware Response to Gather Data Sampling (GDS) – Transient Execution
More info:
https://blogs.vmware.com/security/2023/08/cve-2022-40982.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2022-40982
On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that are maintained by the client to redirect traffic to a device that they control without the benefit of the VPN tunnel encryption. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-leak-Sew6g2kd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Bypassing%20Tunnels:%20Leaking%20VPN%20Client%20Traffic%20by%20Abusing%20Routing%20Tables%20Affecting%20Cisco%20AnyConnect%20Secure%20Mobility%20Client%20and%20Cisco%20Secure%20Client&vs_k=1
