Forwarding you to

GitHub - xoreaxeaxeax/rosenbridge: Hardware backdoors in x86 CPUs

The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel) data. While the backdoor is typically disabled (requiring ring 0 execution to enable it), we have found that it is enabled by default on some systems.