Downfall and Zenbleed: Googlers helping secure the ecosystem

Google details two CPU vulnerabilities—Downfall (CVE-2022-40982) impacting Intel Core (6th–11th Gen) and Zenbleed (CVE-2023-20593) impacting AMD Zen2—that leak stale data from internal SIMD hardware registers via speculative execution (Gather and Zeroupper behaviors), outlines their technical roots, provides mitigation and disclosure timelines, and describes coordinated industry responses and fixes.