Software makers routinely issue patches to fix security problems in their applications and OSs, but that's not always possible for hardware. (What??? You didn't know that your CPU has unfixed security bugs that might leave you wide open to attack? It's true!) Take for example Intel's hugely popular Core 2 line of processors. Over the past few years a lot of discussion has taken place regarding a long list of bugs in Core 2 Duo and Solo processors, including the Extreme Edition of the processors, all of which are currently used in numerous systems. These bugs are the result of design flaws.
Sometimes OS developers and BIOS developers can work around the bugs to help protect against potential system failures and security exploits. As an example of the security implications, a system might load data from the wrong memory location, or malware might take advantage of insufficient code segment checks, and so on. Although CPU bugs are to be expected, there's no fix from any vendor--including Intel--for many of the known bugs. If you're interested in having a look, Intel's list of bugs (as of February 2008) for the Core 2 Duo and Solo processors is available at the first URL below. If you're interested in the potential impact of some of the known bugs, head over to Geek.com (at the second URL below) and have a look at the image file that was posted back in 2006. It contains a list of bugs known at that time, along with their potential ramifications.
Even if you don't have any systems using Core 2 CPUs, you've still got plenty to worry about. Other CPUs, including those manufactured by AMD, each have their list of bugs. Fortunately, so far there hasn't been any widespread exploitation of CPU bugs. Unfortunately, that might be about to change. At the upcoming Hack In The BOX (HITB) Conference, which will be held October 27-30 in Malaysia, independent researcher Kris Kaspersky will give a presentation that is already making big waves.
If Kaspersky releases his POC code, as he reportedly intends to do, then we can fully expect that as usual that code will make it into the hands of malware developers who will turn it toward malicious purposes. If that happens, and any particular exploits become widespread and indefensible, then it's also possible that Intel might have to step up to the plate with processor recalls as they did back in the mid 1990's after the discovery of the now relatively famous Pentium floating point division bug. I guess we'll find out what the future holds soon enough.