I'm not sure if it's been mentioned here before but there apparently is a bug affecting all Intel CPUs manufactured in the last 10 years or so, in which protected kernel memory is leaked to userspace. It can't be patched in microcode and will lead to some serious overhead to patch in the OS. See, Huge Intel CPU Bug Allegedly Causes Kernel Memory Vulnerability With Up To 30% Performance Hit In Windows And Linux <https://hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos> and Meltdown and Spectre <https://meltdownattack.com/>.
Reported at Bug 643360 <https://bugs.gentoo.org/643360>.
