Intel is facing a class-action lawsuit over its management of speculative execution vulnerabilities, specifically the recently disclosed Downfall attack method. Plaintiffs, represented by Bathaee Dunne, filed a 112-page complaint, claiming that Intel CPUs are “defective” due to their vulnerability to cyberattacks or significant performance degradation caused by the fixes for these vulnerabilities.
The complaint alleges that Intel has been aware of speculative execution vulnerabilities in its processors since 2018 when researchers disclosed the Meltdown and Spectre attack methods.
These vulnerabilities can allow attackers with access to the system to bypass security protections and obtain sensitive information.Customers are dissatisfied with the performance degradation caused by the fixes implemented by Intel to address these vulnerabilities.
The lawsuit accuses Intel of knowingly selling flawed CPUs over several years, with the Downfall attack, disclosed by a Google researcher in August, being a focal point.
The Downfall vulnerability, deemed highly practical, was said to result in up to a 50% performance degradation in affected CPUs despite Intel’s issued microcode update.The complaint outlines the decreased value of impacted Intel CPUs due to performance degradation, and the plaintiffs seek monetary relief, measuring the greater of actual damages or statutory damages of $10,000 for each plaintiff.
The class-action lawsuit underscores the growing concerns about how hardware vulnerabilities and their mitigations impact the performance and value of CPUs.