Over the span of less than three hours, Intel (INTC) and AMD (AMD) engaged in a pretty remarkable back-and-forth over a security issue that led Intel's shares to tumble, and AMD's to jump, earlier in the day. Along the way, Alphabet/Google (GOOGL) chimed in as well.
This silicon soap opera still has some important unanswered questions. But based on what Intel and AMD have said to date, it does look like AMD has an opportunity to take some share while Intel scrambles to roll out hardware-based solutions to a problem that in some cases can hurt an app's performance if only handled by software. Albeit more so in the server and workstation markets than in "mainstream" PC markets.
For those just tuning in, the security flaw in question allows unauthorized programs to access -- through one of three methods -- passwords and other sensitive info stored in "protected" memory areas of an operating system kernel, should a system's CPU support "speculative" memory references that allow it to execute a program's code before checking its privilege level.
A late Tuesday column from The Register suggested the problem was specific to Intel CPUs, and that operating system patches meant to fix the issue -- Microsoft (MSFT) , Apple (AAPL) and Linux developers have already rolled them out -- could yield performance hits of 5% to 30%, depending on the workload in question. It also noted remarks from an AMD engineer that suggested AMD's CPUs don't possess the security flaw.
On Wednesday afternoon, after Intel's shares had nosedived on the news, the chip giant responded to the story by stating many types of processors are affected by the security flaw, and that it's working with AMD, ARM Holdings and OS vendors to address it. It added "any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time."
Soon afterwards, AMD responded with a short statement asserting there's "near zero risk to AMD processors at this time" on account of the issue. The company later defended its claim with findings from a Google security research team that originally uncovered the security vulnerabilities last year.
The findings indicate AMD's CPU microarchitecture leaves it fully immune to one of the three methods, and yields "a near zero risk" to another. AMD processors are vulnerable to the third method, but the company insists it can be dealt with software/OS updates that have "negligible performance impact."
Separately, a Google blog post published on Wednesday stated the vulnerabilities "affect many CPUs, including those from AMD, ARM, and Intel," and that Google has "updated our systems and affected products to protect against this new type of attack."
As AMD made its follow-up remarks, Intel was hosting a conference call to share more details on the security issue and its response. Notably, while Intel reiterated the security threats caused by the issue can be plugged via software updates -- specifically, patches for operating systems, virtual machine managers (VMMs) and chip firmware -- the company added it's "pursuing hardware improvements" to mitigate the performance hits that can result from solely relying on software fixes.
But the new hardware (read: chips) won't arrive overnight. Intel only says the "first products" featuring said hardware improvements will arrive at some point this calendar year. The company also shared no details about which markets and workloads these chips will address.
And on the subject of performance hits, while Intel reiterated that "average" users won't see much of an impact -- this claim is arguably backed up by the fact that Apple's macOS patch doesn't seem to have caused a big performance hit -- it admitted there are some workloads that will see larger hits. Specifically, workloads operating primarily in user space -- the part of a system's memory where application software code resides -- will see a minimal hit, but workloads "that spend a lot of time going back and forth between the application and the operating system" will be affected more.
This fits with initial tests done by Linux benchmark provider Phoronix and others, which indicating patching the security flaw has a big impact (greater than 10%, and sometimes over 20%) on certain I/O-intensive tasks (workloads featuring large numbers of reads and/or writes). Examples include the FS-Mark file system benchmark, as well as tests covering the PostgreSQL open-source database.
On the surface, that creates an opening for AMD's Epyc server CPUs, which launched in mid-2017 and (judging by technical reviews/benchmarks) provide good bang for the buck for certain popular workloads, provided the software being run has been optimized for Epyc. Though it's still early days, various enterprises and cloud giants have been testing Epyc, and for certain server workloads at least, those companies have a fresh reason to give AMD a look.
To some extent, AMD's Ryzen Threadripper CPU line for enthusiast PCs and workstations (reviews have been pretty good) could also benefit, at least when battling for customers looking to run I/O-intensive jobs. And assuming Intel's Xeon Phi co-processor line also sees a performance hit for some tasks, Nvidia's (NVDA) Tesla server GPU line could get a boost in some of the high-performance computing (HPC) fields where it squares off against Xeon Phi.
All of that doesn't necessarily mean Intel's shares deserved to see the 6%-plus decline they were sporting at one point on Wednesday. It looks as if most mainstream PC users won't be impacted badly by the performance issues caused by security patches, and only a subset of server and workstation deployments will be.
And in the server market, Intel's brand and mindshare remain powerful customer-retention tools. The same goes for Xeon's strong developer support, as well as Intel's ability to provide complementary solutions such as Xeon Phi processors, its OmniPath high-speed interconnect fabric and its Optane (3D XPoint) next-gen memory. It's also not hard to imagine Intel turning to discounts to keep its biggest Xeon clients loyal over the short-term.
Still, AMD has to be smiling at this week's events. From the start, Epyc has faced an uphill battle to punch a hole in Intel's server CPU hegemony. While it's still not guaranteed that Epyc will manage to do this, the talking point just handed to AMD's salespeople certainly won't hurt.
Jim Cramer and the AAP team hold positions in Apple, Alphabet, Microsoft and Nvidia for their Action Alerts PLUS Charitable Trust Portfolio. Want to be alerted before Cramer buys or sells AAPL, GOOGL, MSFT or NVDA? Learn more now.
More of What's Trending on TheStreet: