Intel’s Core 2 CPUs shipped through April contain an unprecedented number of potentially serious security flaws, and the chip giant isn’t releasing enough information to allow developers to assess or work around them, according to OpenBSD founder Theo de Raadt.De Raadt issued a blistering missive Wednesday on an OpenBSD listserv, writing: “These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code.”
“I don’t think Intel has made a correct assessment of the impact that some of these flaws can have,” he told CRN. “I think that some of them have really severe potential security impacts.”
De Raadt based his comments on both an “errata list” Intel published in May and results from his own testing of the OpenBSD operating system on Core 2 chips. He said that most of the errors were most likely to cause system crashes, but that some might be exploited to create sophisticated attacks. He did not claim to be aware of any specific attacks that rely on these flaws.
continued @ CRN