OpenBSD founder Theo de Raadt publicly denounced Intel’s Core 2 processors on the OpenBSD mailing list. Raadt cited 38 pages of processor errata from Intel’s published CPU specifications (PDF).
“These processors are buggy as hell, and some of these bugs don’t just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code," Raadt said. "Some of these are things that cannot be fixed in running code, and some are things that every operating system will do until about mid-2008, because that is how the MMU has always been managed on all generations of Intel/AMD/whoeverelse hardware."
Linux coordinator and former Transmeta employee Linus Torvalds, thought otherwise and considers these bugs “totally insignificant.”
Processor errata is nothing new, Torvalds said. Commodity CPUs such as chips based on the Intel Core 2 architecture have a considerably lower bug rate than proprietary boutique CPUs.
“Yeah, x86 errata get more attention," said Torvalds. "But those things are pretty damn well tested. Better than most.”
The errata document specifically mentions the Core 2 Duo E4000, E6000, and X6800 series processors. None of the errata are nearly as insidious or widespread as more infamous problems, like the original Pentium floating-point bug, although some can lead to buffer overflow exploits, claims de Raalt. All of the current errata have patches in the works or can be — and have been — worked around by developers.
In a statement from Intel Global Communications, Nick Knuppfer writes:
“Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is extremely low."
“Specification Updates for the affected processors are available at http://developer.intel.com. All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update.”