There is evidence that an Intel CPU bug, which could have lasting consequences for Amazon, Google, and other major cloud providers, is about to be disclosed. While a fix is in the pipeline, people say that it could impose performance penalties of as much as 35 percent. AMD chips are reportedly unaffected.
There is presently an embargoed security bug that apparently impacts all contemporary CPU architectures that implement virtual memory, and it requires hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case, the software fix causes huge slowdowns in typical workloads.
A public demonstration of such an attack scenario can be found here.
How bad is the security issue?
With a huge 5-30% decrease in performance, AMD is going to have a massive win here – buy Ryzen CPUs and receive a CPU that will perform better than an equally priced Intel CPU, post-OS patch. This will send shock waves through the industry, and completely change benchmarking for things like me – as once I patch my OS, a 5-30% performance drop affects absolutely everything I do.
Can my antivirus detect or block this attack?
While possible in theory, this is unlikely in practice.