Intel has released a new set of firmwares fixing CVE-2022-40982 (INTEL-SA-00828 <https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html>).

E.g. for my processor it's /lib/firmware/intel-ucode/06-8e-0c file. The affected microcode_ctl-2.1-53.1.fc37.x86_64 contains 0xf6 revision (2022-12-26), while latest upstream fixing the vulnerability has 0xf8 revision (2023-02-26 date).

Since Linux 6.4.9, one can observe status of the fix in "Gather data sampling" field of lscpu output and in "GDS" line in dmesg output:

$ dmesg -t | grep -E 'GDS|microcode'
microcode: updated early: 0xf0 -> 0xf6, date = 2022-12-26
GDS: Vulnerable: No microcode
microcode: Microcode Update Driver: v2.2.

$ dmesg -t | grep -E 'GDS|microcode'
microcode: updated early: 0xf0 -> 0xf8, date = 2023-02-26
GDS: Mitigation: Microcode
microcode: Microcode Update Driver: v2.2.

The updated firmware blobs can be downloaded from <https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/tree/main/intel-ucode> as linked from the Intel security advisory.