Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Class-actions start piling up after El Reg blows lid on CPU security cockup

By Shaun Nichols in San Francisco

Posted in Servers, 5th January 2018 22:27 GMT

Just days after The Register revealed a serious security hole in its CPU designs, Intel is the target of three different class-action lawsuits in America.

Complaints filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF] accuse the chip kingpin of, among other things, deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.

All three lawsuits center on the kernel memory leak "feature" – dubbed Meltdown – that has been baked into Chipzilla's x86-64 microprocessors since at least 2011.

Each of the three complaints extensively references El Reg's January 2 report on the bug, which can be exploited by malware to steal passwords and other sensitive data from computers.

Arguing that Chipzilla mislead consumers by failing to disclose both the security hole itself and the potential performance hit that could result from installing patches to remedy the design blunder, the plaintiffs seek payouts citing both state and federal consumer protection and business law, including deceptive business practices and unjust enrichment.

"The defect renders the Intel x86-64x CPUs unfit for their intended use and purpose," the complaints read. "In essence, Intel x86-64x CPU owners are left with the unappealing choice of either purchasing a new processor or computer containing a CPU that does not contain the Defect, or continuing to use a computer with massive security vulnerabilities or one with significant performance degradation."

They are now seeking a trial to determine damages (or more likely a settlement deal) on behalf of a class of consumers who purchased a computer with the affected Intel CPUs in California, Oregon, and Indiana.

Intel declined to comment, citing a policy against speaking on pending litigation.

Red Hat details slowdowns, Raspberry Pi and RISC-V all clear

Elsewhere, Linux distro slinger Red Hat has confirmed that some of its enterprise users will indeed see a slowdown in their application software as a result of the mitigations it has rolled out for the CPU flaws.

Red Hat said that depending on workloads, performance will slow by up to 20 per cent, with the most vulnerable being "highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions." Your mileage may vary.

Casual desktop users and gamers won't see much of a difference in performance with the Meltdown patches installed. Other folks may experience a five or more per cent slow down – it really depends on the processor, and how many system calls the software makes. Hammer the disk, network, or otherwise call the kernel a lot, and you'll feel the drag. Tests with database package Redis revealed a 35 per cent slowdown. Using pipelining will reduce that hit. Software can be potentially optimized to reduce any Meltdown-induced latencies.

Ultimately, you should apply Meltdown patches to avoid attack, and be prepared for any potential performance degradation.

Want a system free from the security headaches of Spectre and Meltdown? The ARM11 cores in the Raspberry Pi are immune. And RISC-V is in the clear, too. Maybe it's RISC-V's time to shine. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Intel to Qualcomm and Microsoft: Nice x86 emulation you've got there, shame if it got sued into oblivion

Chipzilla sends not-so-subtle threat to ARM crew

Europe waves through Qualcomm's NXP slurp

Chip-maker promises to play nice with others to secure deal

Get ready for laptop-tab-smartphone threesomes from Microsoft, Lenovo, HP, Asus, Qualcomm

Analysis Snapdragon Win 10 PCs declaration of war on Intel

Intel, Samsung join Apple, FTC firing squad against rival Qualcomm

Two more chip heavyweights enter the patent fray

A bit of intel on AMD's embedded EPYC and Ryzen processors

Dips Zen toes into embedded world with hot new SoCs

Qualcomm disappointed by Broadcom's 'inadequate' shrinking package

Snapdragon giant confirms: Size really does matter

FYI: Processor bugs are everywhere – just ask Intel and AMD

More chip flaws await

Qualcomm asks Broadcom over for lunch and a proper chat about being bought

Brushes off latest $121bn bid as too low, too risky, but is willing to discuss deal