Except that if the CPU completely masked its changes it would be no threat. The trick is getting the system to use the bad randomness. I find it unlikely none of the people debugging or running slightly different kernels or drivers or rootkits would not notice something. To exploit RDRAND you would not have to worry about what all the code in the system is doing (highly volatile over different configurations and versions) but you would just need to monitor a few select kernel symbols.