There were three vulnerabilities revealed Wednesday (Common Vulnerabilities and Exposures number):

1. Bounds Check Bypass (CVE-2017-5753)
2. Branch Target Injection (CVE-2017-5715)
3. Rogue Data Load (CVE-2017-5754)

The bounds check bypass (threat No. 1) has a software fix because its difficult to change the CPU design to eliminate the speculative execution. During a rare briefing with AMD, ARM and Intel, all three companies said this was a shared threat and was being address through system software changes. It appears the performance impact is negligible.

The impact of threats No. 2 and No. 3 do vary depending on CPU vendor. Intel has confirmed both threats, but AMD has said that it cannot observe No. 2 and that, by design, it is not vulnerable to No. 3. This may be because Intel has used more aggressive techniques in its speculative operations. Each vendor has a different branch target design and this can impact the vulnerability. These are also the threats with the most performance impacts.

Intel said threat No. 2 may slow performance on benchmarks by 0-5 percent. Threat No. 3 may see an impact on typical workloads of between 3-5 percent, software that accesses kernel services a lot will bear the brunt of the slow down.