Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Class-actions start piling up after El Reg blows lid on CPU security cockup

By Shaun Nichols in San Francisco

Posted in Servers, 5th January 2018 22:27 GMT

Just days after The Register revealed a serious security hole in its CPU designs, Intel is the target of three different class-action lawsuits in America.

Complaints filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF] accuse the chip kingpin of, among other things, deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.

All three lawsuits center on the kernel memory leak "feature" – dubbed Meltdown – that has been baked into Chipzilla's x86-64 microprocessors since at least 2011.

Each of the three complaints extensively references El Reg's January 2 report on the bug, which can be exploited by malware to steal passwords and other sensitive data from computers.

Arguing that Chipzilla mislead consumers by failing to disclose both the security hole itself and the potential performance hit that could result from installing patches to remedy the design blunder, the plaintiffs seek payouts citing both state and federal consumer protection and business law, including deceptive business practices and unjust enrichment.

"The defect renders the Intel x86-64x CPUs unfit for their intended use and purpose," the complaints read. "In essence, Intel x86-64x CPU owners are left with the unappealing choice of either purchasing a new processor or computer containing a CPU that does not contain the Defect, or continuing to use a computer with massive security vulnerabilities or one with significant performance degradation."

They are now seeking a trial to determine damages (or more likely a settlement deal) on behalf of a class of consumers who purchased a computer with the affected Intel CPUs in California, Oregon, and Indiana.

Intel declined to comment, citing a policy against speaking on pending litigation.

Red Hat details slowdowns, Raspberry Pi and RISC-V all clear

Elsewhere, Linux distro slinger Red Hat has confirmed that some of its enterprise users will indeed see a slowdown in their application software as a result of the mitigations it has rolled out for the CPU flaws.

Red Hat said that depending on workloads, performance will slow by up to 20 per cent, with the most vulnerable being "highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions." Your mileage may vary.

Casual desktop users and gamers won't see much of a difference in performance with the Meltdown patches installed. Other folks may experience a five or more per cent slow down – it really depends on the processor, and how many system calls the software makes. Hammer the disk, network, or otherwise call the kernel a lot, and you'll feel the drag. Tests with database package Redis revealed a 35 per cent slowdown. Using pipelining will reduce that hit. Software can be potentially optimized to reduce any Meltdown-induced latencies.

Ultimately, you should apply Meltdown patches to avoid attack, and be prepared for any potential performance degradation.

Want a system free from the security headaches of Spectre and Meltdown? The ARM11 cores in the Raspberry Pi are immune. And RISC-V is in the clear, too. Maybe it's RISC-V's time to shine. ®

Sign up to our NewsletterGet IT in your inbox daily

129 Comments

More from The Register

Qualcomm to keep server CPUs but avoids head-on Intel battle

Plans to target greenfield hyperscalers, skip boring old servers

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

Visual Studio previews a world without 32-bit emulation

Intel ponders Broadcom buy as Qualcomm's exec chair steps away

Rather than face a combined BroadQual, Chipzilla may break out the cheque book

Monday: Intel touts 28-core desktop CPU. Tuesday: AMD turns Threadripper up to 32

It's crazy how a little competition can cause that

Intel to Qualcomm and Microsoft: Nice x86 emulation you've got there, shame if it got sued into oblivion

Chipzilla sends not-so-subtle threat to ARM crew

Industry whispers: Qualcomm mulls Arm server processor exit

Analysis Arm-for-web-boxes is a good idea that keeps going nowhere

Europe waves through Qualcomm's NXP slurp

Chip-maker promises to play nice with others to secure deal

Cheap-ish. Not Intel. Nice graphics. Pick, er, 3: AMD touts Ryzen Pro processors for business

Quickly follows 2018's Pro Mobile parts