Malicious software that is able to execute code locally may be able to infer data values previously held in floating point registers, vector registers, and/or integer registers of the same logical processor.

[...]

Similar to other data sampling attacks, RFDS does not directly allow an attacker to select specific data to attack; only the stale data that exists in register files is able to be inferred.

[...]

Also note that the processor structure which holds the registers, called a register file, may hold temporary values used within operations (for example, data moved by REP MOVS or the keys used by Key Locker operations or AES-NI) and these values may also be inferred using RFDS.

[...]

Although stale values in a specific register file (for example, integer register files or floating point/vector register files) will eventually be overwritten by new instructions, this can require hundreds of operations writing to that register file. Because many software routines use only integer operations and not floating point or vector operations, in practice, stale floating point/vector values may persist in the register file longer than stale integer values.

Intel will release a microcode update which will modify certain operations3 (VERW, RSM, Key Locker operations4, and entering or exiting Intel® SGX enclaves) to overwrite affected stale register values.

On affected processors, software can execute the VERW instruction before changing security domains.

[...]

The VERW instruction may not overwrite integer register file data which is in use by Fast Store Forwarding Predictors. On processors which are affected by RFDS and support such predictors, software may choose to set IA32_SPEC_CTRL.PSFD (bit 7) to disable the use of these predictors.​
​