Data Centre


Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Class-actions start piling up after El Reg blows lid on CPU security cockup

By Shaun Nichols in San Francisco


Just days after The Register revealed a serious security hole in its CPU designs, Intel is the target of three different class-action lawsuits in America.

Complaints filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF] accuse the chip kingpin of, among other things, deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.

All three lawsuits center on the kernel memory leak "feature" – dubbed Meltdown – that has been baked into Chipzilla's x86-64 microprocessors since at least 2011.

Each of the three complaints extensively references El Reg's January 2 report on the bug, which can be exploited by malware to steal passwords and other sensitive data from computers.

Arguing that Chipzilla mislead consumers by failing to disclose both the security hole itself and the potential performance hit that could result from installing patches to remedy the design blunder, the plaintiffs seek payouts citing both state and federal consumer protection and business law, including deceptive business practices and unjust enrichment.

"The defect renders the Intel x86-64x CPUs unfit for their intended use and purpose," the complaints read. "In essence, Intel x86-64x CPU owners are left with the unappealing choice of either purchasing a new processor or computer containing a CPU that does not contain the Defect, or continuing to use a computer with massive security vulnerabilities or one with significant performance degradation."

They are now seeking a trial to determine damages (or more likely a settlement deal) on behalf of a class of consumers who purchased a computer with the affected Intel CPUs in California, Oregon, and Indiana.

Intel declined to comment, citing a policy against speaking on pending litigation.

Red Hat details slowdowns, Raspberry Pi and RISC-V all clear

Elsewhere, Linux distro slinger Red Hat has confirmed that some of its enterprise users will indeed see a slowdown in their application software as a result of the mitigations it has rolled out for the CPU flaws.

Red Hat said that depending on workloads, performance will slow by up to 20 per cent, with the most vulnerable being "highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions." Your mileage may vary.

Casual desktop users and gamers won't see much of a difference in performance with the Meltdown patches installed. Other folks may experience a five or more per cent slow down – it really depends on the processor, and how many system calls the software makes. Hammer the disk, network, or otherwise call the kernel a lot, and you'll feel the drag. Tests with database package Redis revealed a 35 per cent slowdown. Using pipelining will reduce that hit. Software can be potentially optimized to reduce any Meltdown-induced latencies.

Ultimately, you should apply Meltdown patches to avoid attack, and be prepared for any potential performance degradation.

Want a system free from the security headaches of Spectre and Meltdown? The ARM11 cores in the Raspberry Pi are immune. And RISC-V is in the clear, too. Maybe it's RISC-V's time to shine. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Qualcomm to keep server CPUs but avoids head-on Intel battle

Plans to target greenfield hyperscalers, skip boring old servers

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

Visual Studio previews a world without 32-bit emulation

Qualcomm demands blueprints to Intel chips used in Apple iPhones

Enough with the foot-dragging, mobile processor'n'modem giant rails in patent feud

Intel ponders Broadcom buy as Qualcomm's exec chair steps away

Rather than face a combined BroadQual, Chipzilla may break out the cheque book

NXP becomes N-nixed-P, Apple snubs Qualcomm modems for Intel chips

Shareholders, here's thirty billion dollars so you feel better on double whammy Wednesday

Hmm, there's something fishy about this graph charting AMD's push into Intel's server turf

Epyc chips nibble bits off Xeon's x86 revenue share

Qualcomm data centre tech veep jumps ship

Whither the Centriq now?

Apple fanbois ride to the aid of iGiant in patent spat with Qualcomm

Consumers attempt to block chip flinger's attempt to block sale of devices without their kit