This is not a bug but something which seems a sequence of the side-channel
vulnerabilities revealed last year and may need special attention. The
researchers suggest:

"In this paper, we extend these ideas in a different direction,
and leverage speculative execution in order to hide malware from
both static and dynamic analysis. Using this technique, critical
portions of a malicious program���s computation can be shielded
from view, such that even a debugger following an instruction-
level trace of the program cannot tell how its results were
computed.
"

https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-5_Wampler_paper.pdf