Fuzzer project finds secret instructions on Intel processors

By @o1o1o1o
The `sandsifter` project has found undocumented Intel x86 processor instructions that have been kept secret by Intel. It does this by feeding millions of candidate instruction opcodes to the processor and observing what happens.

![sandsifter in action animated gif](https://github.com/xoreaxeaxeax/sandsifter/raw/master/references/sandsifter.gif)

Their documentation at the [GitHub repo](https://github.com/xoreaxeaxeax/sandsifter) says a scan typically turns up millions of instruction opcodes that work, and that the anomalies can be binned into a few main categories:

- Software bug (for example, a bug in your hypervisor or disassembler),
- Hardware bug (a bug in your CPU), or
- Undocumented instruction (an instruction that exists in the processor, but is not acknowledged by the manufacturer)
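To make the "feed it opcodes and see what happens" idea concrete, here is a small probing harness. It is an added example written for this post, not sandsifter's own code: it copies a candidate byte sequence into a scratch executable page, runs it under SIGILL/SIGSEGV handlers, and classifies the outcome as executed, illegal, or faulted. The byte sequences and the `probe_bytes` / `probe_result` names are assumptions for this example; it assumes a POSIX system on x86-64 or AArch64.

```c
// Added example, not part of sandsifter: classify what the CPU does with a
// candidate byte sequence. Assumes POSIX mmap/sigaction on x86-64 or AArch64.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef enum { PROBE_EXECUTED, PROBE_ILLEGAL, PROBE_FAULTED, PROBE_ERROR } probe_result;

/* Constructed test vectors for this example, one per architecture. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_SEQ[]        = { 0xC3 };                 /* ret */
static const unsigned char KNOWN_VALID[]    = { 0x90 };                 /* nop */
static const unsigned char KNOWN_INVALID[]  = { 0x0F, 0x0B };           /* ud2: raises #UD */
static const unsigned char KNOWN_FAULTING[] = { 0x8B, 0x04, 0x25, 0, 0, 0, 0 }; /* mov eax,[0] */
#elif defined(__aarch64__)
static const unsigned char RET_SEQ[]        = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
static const unsigned char KNOWN_VALID[]    = { 0x1F, 0x20, 0x03, 0xD5 }; /* nop */
static const unsigned char KNOWN_INVALID[]  = { 0x00, 0x00, 0x00, 0x00 }; /* udf #0 */
static const unsigned char KNOWN_FAULTING[] = { 0x00, 0x00, 0x80, 0xD2,   /* mov x0, #0 */
                                                0x00, 0x00, 0x40, 0xF9 }; /* ldr x0, [x0] */
#else
#error "this example only carries test vectors for x86-64 and AArch64"
#endif

static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_signal;

static void probe_handler(int sig) {
    probe_signal = sig;
    siglongjmp(probe_env, 1);   /* unwind back into probe_bytes */
}

/* Run `len` bytes of `code` (plus a trailing return) and report the outcome. */
static probe_result probe_bytes(const unsigned char *code, size_t len) {
    long pagesize = sysconf(_SC_PAGESIZE);
    if (pagesize <= 0 || len + sizeof RET_SEQ > (size_t)pagesize) return PROBE_ERROR;

    unsigned char *page = mmap(NULL, (size_t)pagesize, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return PROBE_ERROR;

    /* Candidate bytes, then a return so a decodable instruction hands control
       back to us instead of running on into the zero-filled rest of the page. */
    memcpy(page, code, len);
    memcpy(page + len, RET_SEQ, sizeof RET_SEQ);
    if (mprotect(page, (size_t)pagesize, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, (size_t)pagesize);
        return PROBE_ERROR;
    }
    __builtin___clear_cache((char *)page, (char *)page + len + sizeof RET_SEQ);

    /* Catch the three ways an instruction can misbehave, restoring handlers after. */
    struct sigaction sa, old_ill, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    probe_result result;
    probe_signal = 0;
    if (sigsetjmp(probe_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* object -> function pointer without a warning */
        fn();                            /* execute the candidate */
        result = PROBE_EXECUTED;
    } else {
        result = (probe_signal == SIGILL) ? PROBE_ILLEGAL : PROBE_FAULTED;
    }

    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, (size_t)pagesize);
    return result;
}

int main(void) {
    static const char *names[] = { "executed", "illegal instruction (SIGILL)",
                                   "memory fault", "harness error" };
    printf("known-valid   : %s\n", names[probe_bytes(KNOWN_VALID, sizeof KNOWN_VALID)]);
    printf("known-invalid : %s\n", names[probe_bytes(KNOWN_INVALID, sizeof KNOWN_INVALID)]);
    printf("known-faulting: %s\n", names[probe_bytes(KNOWN_FAULTING, sizeof KNOWN_FAULTING)]);
    return 0;
}
```

The three outcomes map onto the categories above: a sequence the CPU executes but a disassembler rejects is either a disassembler bug or an undocumented instruction, and a sequence a disassembler accepts but the CPU refuses points at a software or hardware bug. This harness only reports whether something ran; it cannot tell how many bytes the CPU actually consumed, which is the missing piece that sandsifter supplies by measuring instruction length with its page-fault technique and comparing it against a disassembler.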

Who knows how any of these categories of problems could be exploited by a hacker in unexpected ways. As they say:

> Scanning with the sandsifter has uncovered undocumented processor features across dozens of opcode categories, flaws in enterprise hypervisors, bugs in nearly every major disassembly and emulation tool, and critical hardware bugs opening security vulnerabilities in the processor itself.

Yup, looks pretty bad to me.

The sandsifter [whitepaper](https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf) has more details.

Sources: 
- Github repo: https://github.com/xoreaxeaxeax/sandsifter
- Whitepaper: https://github.com/xoreaxeaxeax/sandsifter/blob/master/references/domas_breaking_the_x86_isa_wp.pdf