Friday, January 5th 2018

Intel Braces for an Avalanche of Class Action Lawsuits

Following reports of Intel's gross mishandling of its CPU vulnerabilities Spectre (CVE-2017-5753 and CVE-2017-5715), and Meltdown (CVE-2017-5754); particularly its decision to not call off 8th generation Core "Coffee Lake" processor launch after learning of its vulnerability; and a general barrage of "false marketing" allegations, with a dash of "insider trading" allegations added to the mix, the company is bracing for an avalanche of class-action lawsuits in the US, and similar legal action around the world.

Owners of Intel CPU-based computers in California, Oregon, and Indiana, have filed separate complaints alleging that Intel sold vulnerable processors even after the discovery of Meltdown and Spectre; that the chips being sold were "inherently faulty," and that patches that fix them are both an "inadequate response to the problem," and "hurt performance" (false marketing about performance), by 5 to 30 percent. All three complainants are in the process of building Classes.
Source: Gizmodo
Add your own comment

38 Comments on Intel Braces for an Avalanche of Class Action Lawsuits

#1
Solaris17
Creator Solaris Utility DVD
lol, please.
Posted on Reply
#2
lexluthermiester
As the newest discoveries clearly show, Intel CPU's are not alone in being affected by these new vulnerabilities. Meltdown was being mitigated as the release in question was taking place. Spector is not exclusive to Intel CPU's and is therefore not their responsibility.

These cases will likely fizzle, sputter and go nowhere.
Posted on Reply
#3
champsilva
People always wants reason to make some profit haha
Posted on Reply
#4
Steevo
People won the hard drive storage size lawsuit, they didn't understand file formatting, or that just like in a file cabinet papers take up space irregardless of the number of words written on them.

champsilva said:
People always wants reason to make some profit haha
And ARM, AMD, and Intel are charities?
Posted on Reply
#5
Chaitanya
lexluthermiester said:
As the newest discoveries clearly show, Intel CPU's are not alone in being affected by these new vulnerabilities. Meltdown was being mitigated as the release in question was taking place. Spector is not exclusive to Intel CPU's and is therefore not their responsibility.

These cases will likely fizzle, sputter and go nowhere.
It was mishandling of "flaws" that has caused uproar and its not the 1st one to be discovered with Intel CPUs in last 6 months or so. Infact there have been USB exploits and ME exploits all going back to the Nehalem from which most of the Core CPUs have been rehashed.

This video explains the whole flaw much better:
Posted on Reply
#7
Solaris17
Creator Solaris Utility DVD
Ugh I hate these "breakdowns" it makes it "simple" so people completely miss the intricacies of the issue and more importantly how it doesn't really affect them.

Then they sue.
Posted on Reply
#8
John Doe
[..] particularly its decision to not call off 8th generation Core "Coffee Lake" processor launch after learning of its vulnerability [..]

Intel learned about the vulnerabilities before launching Coffee Lake. They didn't fix them and decided to launch the CPUs knowing they are vulnerable.
Posted on Reply
#9
DRDNA
It would be nice to see Enterprise Customers get a refund that equals exactly the performance loss they will incur due to this Know about exploit!

15% performance loss equals 15% refund
20% performance loss equals 20% refund
30% performance loss equals 30% refund

Common sence is telling me NO WAY THAT WILL HAPPEN THOUGH.
Posted on Reply
#10
lexluthermiester
Chaitanya said:
ME exploits all going back to the Nehalem
ME was not produced until after that iteration of CPU lines. That video actually hits some good points.
John Doe said:

Intel learned about the vulnerabilities before launching Coffee Lake. They didn't fix them and decided to launch the CPUs knowing they are vulnerable.
Incorrect based on the known info. The vulnerabilities were discovered outside Intel and were disclosed to them as the product launch was happening. Intel seems to have done their due diligence in mitigating the problem as much as was in their abilities. However, that is only in reference to "Meltdown". Spector affects all CPU's regardless of platform, and is therefore not Intel's fault.
Posted on Reply
#11
Steevo
Solaris17 said:
Ugh I hate these "breakdowns" it makes it "simple" so people completely miss the intricacies of the issue and more importantly how it doesn't really affect them.

Then they sue.
Unfortunately in this case I kinda have to disagree, Edge, Firefox, Chrome have all allowed high precision timer access to Java and its notorious security issues, and this allows and will grant complete access to a PC if exploited with the hardware, and all it will take is a malicious ad on Facebook, youtube, TPU, or elsewhere to become compromised. Then Java can start building an array of what you type and it looks just like you are filling out forms. Or it could allow code injection at system level access, welcome to the next gen crypto where data recovery is impossible unless you pay, or for business your customer list, financial info, transaction records, hell even decrypting stored payment and other info is right there for the asking. http://www.tomshardware.com/news/meltdown-spectre-exploit-browser-javascript,36221.html https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Posted on Reply
#12
Vya Domus
DRDNA said:

Common sence is telling me NO WAY THAT WILL HAPPEN THOUGH.
It would also be pretty dumb as it is difficult to measure the performance hit.
Posted on Reply
#13
John Doe
lexluthermiester said:
ME was not produced until after that iteration of CPU lines. That video actually hits some good points.

Incorrect based on the known info. The vulnerabilities were discovered outside Intel and were disclosed to them as the product launch was happening. Intel seems to have done their due diligence in mitigating the problem as much as was in their abilities. However, that is only in reference to "Meltdown". Spector affects all CPU's regardless of platform, and is therefore not Intel's fault.
What known info? The article clearly states that Intel went ahead with the launch after learning about the vulnerability.
Posted on Reply
#14
lexluthermiester
John Doe said:
What known info? The article clearly states that Intel went ahead with the launch after learning about the vulnerability.
Yes, but they did act on it and started fixes for it. You can't expect a company to halt a major product release over a vulnerability that was, and is still, not completely understood and has no known exploits.
Posted on Reply
#15
Solaris17
Creator Solaris Utility DVD
DRDNA said:
It would be nice to see Enterprise Customers get a refund that equals exactly the performance loss they will incur due to this Know about exploit!

15% performance loss equals 15% refund
20% performance loss equals 20% refund
30% performance loss equals 30% refund

Common sence is telling me NO WAY THAT WILL HAPPEN THOUGH.
Why would they get a refund? You don't actually think AWS, Google and Azure are going to let there customers instances fall down are you? No, they cant take that hit financially via refund or take the hit in loss of customer base. They will spin up more servers to make up the performance penalty and then hash out pricing with Intel for future build outs.
Posted on Reply
#16
John Doe
lexluthermiester said:
Yes, but they did act on it and started fixes for it. You can't expect a company to halt a major product release over a vulnerability that was, and is still, not completely understood and has no known exploits.
I think that's exactly what people who have initiated the Class Action Lawsuits expect.

And 'known exploits' is a rather misleading term. Known to whom? The fact that you and me don't know of any exploits using this vulnerability it doesn't mean that they don't exist. And even if they don't exist at this moment, can you say that an exploit for the vulnerability will not be developed during the lifetime of the CPUs? I think not.
Posted on Reply
#17
lexluthermiester
John Doe said:
I think that's exactly what people who have initiated the Class Action Lawsuits expect.
Do you honestly believe Intel is going to actively compromise their entire company by not acting on information reported to them? Vulnerabilities are discovered all the time in everyone's products. Intel has a legal obligation to fix problems like this. However, these problem are for more complex than most and do not have easy solutions.
John Doe said:
And 'known exploits' is a rather misleading term. Known to whom? The fact that you and me don't know of any exploits using this vulnerability it doesn't mean that they don't exist.
Exactly! That's the problem. And as it affects everyone, not just Intel, how do we define ultimate responsibility? That is why these cases will go nowhere.
Posted on Reply
#18
ExV6k
How about a Reddit movement to force Intel to enable HT on older i5s and Pentiums? :v You know it's perfectly possible!
Posted on Reply
#19
xkm1948
This is so stupid, sue everything for like what? $5 for each of us?









So where do I sign up?
Posted on Reply
#20
ExV6k
xkm1948 said:
This is so stupid, sue everything for like what? $5 for each of us?









So where do I sign up?
HyperThreading for all i5 owners!! :D:D
Posted on Reply
#21
djisas
I want a refund of my i3 2120, kappa...
Posted on Reply
#22
lexluthermiester
djisas said:
I want a refund of my i3 2120, kappa...
Never gonna happen!
Posted on Reply
#24
HD64G
nem.. said:

Robust is the key...
Posted on Reply
#25
lexluthermiester
nem.. said:

That doesn't really have much to do with the topic at hand. I'd also disagree with all three points as they are purely anecdotal. AMD makes a solid set of products.
Posted on Reply
Add your own comment