November 10, 2023 at 09:36AM
A class action lawsuit has been filed against Intel over its handling of speculative execution vulnerabilities, specifically the “Downfall” attack. Plaintiffs claim that Intel CPUs are defective, leaving them vulnerable to cyberattacks or with significantly slower performance due to vulnerability fixes. The complaint accuses Intel of selling flawed CPUs despite knowledge of the issues. The plaintiffs seek monetary relief.
Meeting Takeaways:
– A class-action lawsuit has been filed against Intel over its handling of speculative execution vulnerabilities, specifically the recently disclosed “Downfall” attack.
– Plaintiffs claim that the Intel CPUs they purchased are either left vulnerable to cyberattacks or have significantly slower performance due to the vulnerability fixes implemented by Intel.
– The lawsuit alleges that Intel has been aware of speculative execution vulnerabilities since 2018 with the disclosure of the Meltdown and Spectre attacks.
– Intel has been informed about several other speculative execution vulnerabilities and has taken steps to address them.
– Customers are displeased with the performance degradation caused by the vulnerability fixes and accuse Intel of knowingly selling flawed CPUs over the years.
– The Downfall attack, disclosed by a Google researcher, has been described as highly practical and capable of stealing OpenSSL encryption keys.
– Intel issued a microcode update to mitigate the Downfall vulnerability, but the update resulted in significant performance degradation in affected CPUs.
– The plaintiffs are seeking monetary relief, either actual damages to be determined at trial or statutory damages of $10,000 per plaintiff.
– Intel has been contacted for comment, and SecurityWeek will provide updates if the company responds.
Please note that these takeaways are a summary of the meeting notes provided.