Buried deep in a pile of slashdot comments, Matthew Dillon of DragonFly gives a detailed assessment of the Intel Core bugs. While a lot of news sites and bloggers were quick to dismiss the issue as inflated, Dillon's comments provide a much closer look at the actual issues.
"So, in summary, AE3 scares the hell out of me, and for the others AE5, AE8, AE21, and AE30 look serious."
His comments are actually so detailed that it's impractical to reproduce them here. The ones he mentions specifically:
AE3 - POPF/POPFD that sets the trap flag (aka when single-stepping a program) may cause unpredictable behavior. This one is serious.
AE5 - Memory aliasing with inconsistent dirty and Access bits may cause a processor deadlock. This means a PTE with 'D'irty set but with 'A'ccess not set. FreeBSD and DragonFly always set the A bit when setting the D bit and will not be affected but I don't know about other OSs. This is a very serious bug though.
AE8 - FXSAVE after FNINIT without an intervening FP instruction may save uninitialized values for FDP and FDS. This isn't an issue unless the data being written represents a security leak of some sort, such as a portion of the state of another program's FP unit. This could be a security issue with regards to one program snooping another program's cryptography. Statistical snooping possible through this sort of mechanic has been shown to be effective in recent years.
AE21 - The execution disable bit is shared between cores. I'm not sure what this means but Intel seems to think that it compromises an anti-hacker feature. Sounds pretty serious.
AE30 - Global pages in the DTLB may not be flushed by RSM instructions before restoring the architectural state from SMRAM. This is catastrophic for any software that uses global pages in SMM mode. It means that no software can use global pages in SMM mode. Operating systems usually do not have any control over what is run in SMM mode so this is a BIOS issue for the most part.
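The AE5 item above turns on one invariant in the page tables: an entry must never have the Dirty bit set while Accessed is clear. The following is an added example, written here for this page; it is not Dillon's code and not taken from FreeBSD or DragonFly. It uses the architectural x86 PTE bit positions (Present = bit 0, Accessed = bit 5, Dirty = bit 6) and shows a helper that sets D and A together, the way the comment says those kernels do, plus a scan that detects (and can repair) entries already in the inconsistent state. The helper names, the `repair` flag and the sample table are all assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Architectural x86 page-table-entry flag bits (Intel SDM, vol. 3). */
#define PTE_P  (1ULL << 0)  /* present */
#define PTE_RW (1ULL << 1)  /* writable */
#define PTE_A  (1ULL << 5)  /* accessed */
#define PTE_D  (1ULL << 6)  /* dirty */

typedef uint64_t pte_t;

/* Hypothetical helper: mark an entry dirty while keeping the invariant
 * "A is set whenever D is set", the convention the comment attributes to
 * FreeBSD and DragonFly. Setting both bits in one store means no window
 * in which D is visible without A. */
static inline pte_t pte_set_dirty(pte_t pte)
{
    return pte | PTE_A | PTE_D;
}

/* Nonzero if the entry is in the state AE5 describes: present, dirty,
 * but with Accessed clear. Non-present entries are not walked by the
 * CPU, so their stale bits are ignored here. */
static inline int pte_is_ae5_inconsistent(pte_t pte)
{
    return (pte & PTE_P) && (pte & PTE_D) && !(pte & PTE_A);
}

/* Scan n entries, return how many violate the invariant; if repair is
 * nonzero, set A on each offending entry so it becomes consistent. */
size_t pte_scan_inconsistent(pte_t *table, size_t n, int repair)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        if (pte_is_ae5_inconsistent(table[i])) {
            bad++;
            if (repair)
                table[i] |= PTE_A;
        }
    }
    return bad;
}

/* Constructed sample page table (hypothetical frame numbers) exercising
 * the clean, accessed, consistent-dirty, inconsistent-dirty and
 * not-present cases. Returns the number of AE5-style entries found. */
size_t demo_scan(int repair)
{
    pte_t table[] = {
        0x1000ULL | PTE_P | PTE_RW,                 /* never touched */
        0x2000ULL | PTE_P | PTE_RW | PTE_A,         /* read, not written */
        0x3000ULL | PTE_P | PTE_RW | PTE_A | PTE_D, /* consistent dirty */
        0x4000ULL | PTE_P | PTE_RW | PTE_D,         /* D without A: AE5 */
        0x5000ULL | PTE_D,                          /* not present: ignored */
    };
    size_t n = sizeof table / sizeof table[0];
    size_t before = pte_scan_inconsistent(table, n, repair);
    /* After a repairing pass, a second scan must find nothing. */
    if (repair && pte_scan_inconsistent(table, n, 0) != 0)
        return (size_t)-1;
    return before;
}

int main(void)
{
    printf("inconsistent entries: %zu\n", demo_scan(0));
    printf("after repair pass:    %zu\n", demo_scan(1));
    return 0;
}
```

The scan is the kind of consistency check a kernel could run over its own page tables (or that a debugger could apply to a dumped table) to confirm the A-before-D convention actually holds, rather than assuming it.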