News Intel processors affected by a Kernel Memory Bug!!!

jtd871

You may want to correct the spelling in your title and post to read "Kernel Memory".

While it appears that this could be a reasonably large embarrassment for Intel, CPUs are incredibly complex, and it's not TOO surprising for this to be a thing.
 

 

EdZ

New Intel CPUs have a "Kernel Memory Leak" bug, which passes the data without checking if it is secure, and by doing that they are getting more performance.
It's a bit more complex than that: Intel CPUs do what is known as 'speculative execution', where operations passed to the CPU are executed as soon as they can be, even if they depend on another operation to have been executed first. For example, if an operation may branch (e.g. "if A, then do B, or if C then do D"), but there may be so much spare CPU time left over in a cycle that while the whole "A or C test" operation is still executing, there is time to also do both B and D operations, and then return just the results of the correct one when the "A or C" operation has completed. The result of the next operation will already be ready to go immediately as it has already been executed.
What appears to be the security hole (and this has not been published, so is based on speculation from the public fixes in the Linux kernel) is that in the event one of those earlier operations was a privilege level check, the operation that check was supposed to be gating may have been executed when it should have been denied. In theory, the 'you weren't allowed to do that' branch operation would just be discarded and all would be well (the return would just be "no", and the actual result purged from the register), but it appears there is also some bug that allows access to the memory that operation would be putting its results into from an area that has lower privileges, between the time it is actually executed and the time it is discarded. The fix is to enforce putting the branched results in memory that is fixed to not allow privileged reads, rather than the current method of dynamically allocating it; or to not do this speculative execution at all for certain operations.
The performance impact of this in practice depends very much on the workload. If you're doing lots of virtualised I/O operations it may be a big impact. If you are gaming, doing video encoding, or pretty much any desktop workload, you're unlikely to even be able to measure the performance impact.
Except he was aware of the issue before selling them as patches were already ongoing..:)
For sure he will be sued for insider trading
It's been a mad scramble to implement fixes for this all around. It's not impossible the share sale was approved quite some time before Intel ever learnt of this flaw, as executive share sales are fairly heavily regulated and approval takes time. It may even be that the sale was actually executed just before the flaw was discovered, or it may be that the flaw was discovered between the approval process being started and the sale occurring, without a procedure to abort the sale mid-process (or post-request aborts being explicitly denied).
 

bledha

And I was thinking of "upgrading" to a Kaby Lake part from an older platform once Coffee Lake drove four core parts down. Stuff like this always makes me re-think my entire build strategy. Hey, maybe all this bad press will crash the prices? Silver lining....?

This affecting anyone else with choices for parts on upcoming or upgrading personal builds? Enterprise has a whole new landscape of potential issues.
 

MarcParis

Video that shows performance impact on 8700K on Windows 10.
As expected, no real impact on gaming performance.

However, Intel CPUs are not fully protected from the threat.