Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

Punters not happy with handling of vulnerability confessions

AMD underwater

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities.

At least four separate lawsuits have now been filed against the California-based processor slinger, alleging violations ranging from securities fraud to breach of warranty, unfair competition, and negligence. The cases, all submitted to a US district court in San Jose, include:

The first three suits, which could be merged into each other at some point, seek damages from AMD on behalf of those who bought an AMD processor blighted by the Spectre design vulnerability prior to the flaw's public disclosure by researchers in January of this year.

While Meltdown primarily affects Intel chips, AMD's CPUs – like many modern processor architectures including Intel's – suffer from Spectre-class bugs. The trio of suits cite El Reg's exclusive reporting on the semiconductor security cockups.

The lawsuits note that AMD knew of these side-channel attack vulnerabilities before the public disclosure and yet didn't issue any mitigations, nor warn users of the risks even as they pushed their products to market.

"Despite its knowledge of the Spectre Defect, AMD continued to sell its processors to unknowing customers at prices much higher than what customers would have paid had they known about the Spectre Defect and its threat to critical security features as well as on the processing speeds of the devices they purchased," read the Barnes complaint.

Additionally, the cases note that because Spectre is rooted so deeply into the CPU architecture, a permanent fix will be difficult to roll out and will likely cause a drop in performance.

"Defendant has been unable or unwilling to repair the security vulnerabilities in the subject CPUs or offer Plaintiff and class members a non-defective CPU or reimbursement for the cost of such CPU and the consequential damages arising from the purchase and use of such CPUs," reads the Speck complaint.

"The software updates or 'patches' pushed by AMD onto CPU owners does not appear to provide protection from all the variants of Spectre. At the very least, firmware updates or changes will be required. Even then, these 'patches' dramatically degrade CPU performance."

The Speck, Barnes, and Hauck complaints levy charges against AMD including breach of implied warranty, breach of express warranty, violation of the Magnusson-Moss Warranty Act, negligence, strict liability, unjust enrichment, and violations of unfair competition and consumer protection laws in California and Ohio.

AMD CEO Lisa Su speaking at the firm's 2015 financial analyst day

Sueball smacks AMD over processor chip security flaw silence

READ MORE

Meanwhile, the Kim complaint, as we reported last month, looks to recover cash on behalf of shareholders who bought AMD stock between between February 21, 2017 and January 11, 2018. The suit alleges that AMD mislead investors and violated securities laws when it failed to disclose the bugs and, after the flaws were disclosed, downplayed their severity.

As a result, the suit alleges, shareholders took a financial hit when the vulnerabilities were confirmed in AMD chips and its stock price fell 0.99 per cent on January 12, 2018.

"AMD and the Individual Defendants, individually and in concert, directly or indirectly, disseminated or approved the false statements… which they knew or deliberately disregarded were misleading in that they contained misrepresentations and failed to disclose material facts," the complaint reads.

All four complaints seek a jury trial to determine damages. A spokesperson for AMD could not be reached for immediate comment. ®




Biting the hand that feeds IT © 1998–2018