The tech news gods can have a funny sense of humor sometimes.
Not long after I wrote that AMD faced an uphill battle in early 2018 due to stiff competition from Intel (INTC) - Get Report and Nvidia (NVDA) - Get Report, the company was gift-wrapped what initially looked like a big selling point for both its PC and server CPU lines. It came in the form of an article discussing a major security flaw reportedly affecting all Intel CPUs to ship in recent years.
But Intel's response to the story raises questions about how much AMD stands to gain. And even before the response, the market's reaction to the news -- at one point, Intel shares were down over 6%, and AMD shares up over 10% -- felt excessive, a classic case of investors fearing uncertainty and pricing in a worst-case scenario.
Intel's sales might be hurt by the security flaw in the coming weeks -- its server CPU sales to cloud giants especially could be affected -- and the company will almost certainly face class-action suits over the issue. But that doesn't necessarily mean Intel's biggest customers are going to abandon the company.
Late on Jan. 3, The Register reported that systems relying on Intel processors sold over the last decade have a vulnerability that can allow programs to access sensitive info (passwords, login keys, etc.) in the "protected" memory areas of an operating system's kernel, despite lacking the necessary privileges. Intel hasn't yet shared details about the vulnerability, but is expected to do so soon.
The good news: The vulnerability can be removed via operating system patches that serve to isolate a kernel's memory page tables from regular OS user processes. Microsoft (MSFT) - Get Report and Linux developers are already working on patches; Microsoft's could arrive on Tuesday. And Apple appears to have already dealt with the problem via its Dec. 6 macOS 10.13.2 update.
The bad news: The patch yields a performance hit. The Register suggested the hit could be in a range of "five to 30 per cent slow down, depending on the task and the processor model." However, it added that newer Intel CPUs have features such as process-context identifiers (PCIDs) that could diminish the performance hit. In its statement issued on Wednesday afternoon, however, Intel said any performance impact from security patches is workload-dependent and "should not be significant" for the "average computer user."
A test involving the use of the PostgreSQL database on a Linux system running Intel's high-end Core i7-6820HQ notebook CPU turned up a 7% performance hit when PCID was enabled, and a 16% hit when it was disabled. Another test from the same developer that tried to "get closer to the worst case [scenario]" produced a 17% hit when PCID was enabled, and a 23% hit when it was disabled.
A big reason AMD popped on the news: In an e-mail shared on a Linux forum on Dec. 26, AMD engineer Tom Lendacky says his company's processors "are not subject to the types of attacks that the kernel page table isolation feature protects against." The cited reason: AMD's CPU microarchitecture doesn't support "speculative" memory references that allow processors to execute a program's code before checking the program's privilege level.
AMD's reported comments naturally fueled hopes that Intel customers -- whether consumer PC buyers, corporate PC buyers or enterprise and cloud server buyers -- will be more willing to buy AMD-powered systems that don't need a performance-damaging OS patch. And those hopes, of course, are strengthened by the fact that AMD's CPU lineup is much stronger than they were a year ago, thanks to the launch of chips based on its new Zen CPU core architecture. Specifically, those Zen chips are the Ryzen (desktop), Ryzen Mobile (notebook), Ryzen Threadripper (enthusiast PC/workstation) and Epyc (server/workstation) processor families.
However, on Wednesday afternoon, Intel responded to The Register's report by suggesting that "many different vendors' processors and operating systems" are affected by the vulnerability in question. The company added that it's working with AMD, CPU IP giant ARM Holdings and several OS vendors to "develop an industry-wide approach to resolve this issue promptly and constructively."
Further complicating the story: A patch from Linux developers prevents AMD x86 CPUs from being affected by the security fix. As a result, some are speculating only AMD's ARM-architecture products (a small percentage of its processor sales) are impacted, and that x86 CPUs such as Zen-based chips aren't.
Later on Wednesday afternoon, AMD officially responded to the controversy by stating that its processors aren't susceptible to all of the three attack threats caused by the speculative code-execution vulnerability in question. "Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time. We expect...security research to be published later today and will provide further updates at that time," the company said.
Following Intel's statement, its shares pared their losses and closed down 3.4% to $45.26. Likewise, AMD shares pared their gains and closed up 5.2% to $11.55.
Should the security patches cause only a modest performance hit to typical PC workloads, as Intel's remarks suggest, it's unlikely that Intel will lose a significant amount of PC CPU share as a result. That's particularly true since the company is in the midst of rolling out 8th-gen Core i3, i5 and i7 PC CPU lines that on many benchmarks have yielded 30%-plus performance gains relative to comparable 7th-gen chips.
Corporate PC buyers are especially unlikely to jump ship. Many subscribe to a "No one ever got fired for buying Intel" mindset, and a small performance dip caused by a security patch shouldn't weaken that mindset much.
In the server CPU space, things are a little more complicated. Database and benchmark tests do point to meaningful performance hits for certain I/O-intensive workloads (workloads featuring the reading and writing of lots of data), and that can't sit well with buyers of servers meant to run such workloads. Cloud giants such as Amazon.com (AMZN) - Get Report and Alphabet/Google (GOOGL) - Get Report , whose performance demands have led them to seek custom Xeon server chips from Intel, are especially likely to be on edge over the matter.
It's possible that some of these clients could reduce their Xeon purchases while Intel scrambles to develop server CPUs that don't have the kernel memory security flaw in question. And assuming AMD's CPU are indeed immune to the flaw, it's also possible that some could take a closer look at AMD's aggressively-priced Epyc CPUs for the time being.
However, that's a short-term problem for Intel, rather than a doomsday scenario. For now, a lot remains unknown about the scope of the problem Intel is facing, as well as how quickly and effectively it can deal with it. But there are already reasons to think the initial panic-selling seen in Intel shares was excessive.
Jim Cramer and the AAP team hold positions in Nvidia, Microsoft, Apple and Alphabet for their Action Alerts PLUS Charitable Trust Portfolio. Want to be alerted before Cramer buys or sells NVDA, MSFT, AAPL or GOOGL? Learn more now.
More of What's Trending on TheStreet: