This is interesting, but I wonder what the real world application of this change would be. According to Linus, the Intel RdRand is only used as one of many sources of entropy in /dev/random. So even if it were compromised it wouldn't have a large impact on security.
There's no way to know for sure, but I don't think this is a problem for the average consumer. I'd like to think serious black hats are not amateur fishermen who use a bait to catch anything that passes by. I picture them more like a sniper waiting for the perfect shot on a valuable target. In other words, yes every system could be compromised, but the ones that are will be the ones holding more valuable information. And those are few relative to the mass of average joes. But then one might get an advantage from controlling a botnet, and use it to attack more valuable targets.
It's the same as security always is. "What are my enemies capable of" is an absolutely critical component of the security equation that cannot be overlooked.
Not all applications use Linux. Not all applications go through Linux's /dev/random for their random needs. If you look into the discussion on, say, Theodore Tso's G+ entry on rdrand, you'll find that some people are eager to skip the OS and use rdrand directly.
Most server applications run on GNU/Linux operating system. Those machines are usually the strategic targets of such attacks, not Windows based computers.
The only caveat is that if RdRand was made to output the bits about to be sent out XORed with a stream of AES(n++, NSA_KEY) then you get seemingly random data that is 100% deterministic once you know the key and completely invisible if you don't know the key.
Source: http://www.change.org/en-GB/petitions/linus-torvalds-remove-...