Data Centre


Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Class-actions start piling up after El Reg blows lid on CPU security cockup

By Shaun Nichols in San Francisco


Just days after The Register revealed a serious security hole in its CPU designs, Intel is the target of three different class-action lawsuits in America.

Complaints filed in US district courts in San Francisco, CA [PDF], Eugene, OR [PDF], and Indianapolis, IN [PDF] accuse the chip kingpin of, among other things, deceptive practices, breach of implied warranty, negligence, unfair competition, and unjust enrichment.

All three lawsuits center on the kernel memory leak "feature" – dubbed Meltdown – that has been baked into Chipzilla's x86-64 microprocessors since at least 2011.

Each of the three complaints extensively references El Reg's January 2 report on the bug, which can be exploited by malware to steal passwords and other sensitive data from computers.

Arguing that Chipzilla mislead consumers by failing to disclose both the security hole itself and the potential performance hit that could result from installing patches to remedy the design blunder, the plaintiffs seek payouts citing both state and federal consumer protection and business law, including deceptive business practices and unjust enrichment.

"The defect renders the Intel x86-64x CPUs unfit for their intended use and purpose," the complaints read. "In essence, Intel x86-64x CPU owners are left with the unappealing choice of either purchasing a new processor or computer containing a CPU that does not contain the Defect, or continuing to use a computer with massive security vulnerabilities or one with significant performance degradation."

They are now seeking a trial to determine damages (or more likely a settlement deal) on behalf of a class of consumers who purchased a computer with the affected Intel CPUs in California, Oregon, and Indiana.

Intel declined to comment, citing a policy against speaking on pending litigation.

Red Hat details slowdowns, Raspberry Pi and RISC-V all clear

Elsewhere, Linux distro slinger Red Hat has confirmed that some of its enterprise users will indeed see a slowdown in their application software as a result of the mitigations it has rolled out for the CPU flaws.

Red Hat said that depending on workloads, performance will slow by up to 20 per cent, with the most vulnerable being "highly cached random memory, with buffered I/O, OLTP database workloads, and benchmarks with high kernel-to-user space transitions." Your mileage may vary.

Casual desktop users and gamers won't see much of a difference in performance with the Meltdown patches installed. Other folks may experience a five or more per cent slow down – it really depends on the processor, and how many system calls the software makes. Hammer the disk, network, or otherwise call the kernel a lot, and you'll feel the drag. Tests with database package Redis revealed a 35 per cent slowdown. Using pipelining will reduce that hit. Software can be potentially optimized to reduce any Meltdown-induced latencies.

Ultimately, you should apply Meltdown patches to avoid attack, and be prepared for any potential performance degradation.

Want a system free from the security headaches of Spectre and Meltdown? The ARM11 cores in the Raspberry Pi are immune. And RISC-V is in the clear, too. Maybe it's RISC-V's time to shine. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Oh, and another thing, Qualcomm tells court: Apple handed Intel our chipping source code

Cupertino: If you've got any evidence, bring it

Qualcomm to keep server CPUs but avoids head-on Intel battle

Plans to target greenfield hyperscalers, skip boring old servers

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

Visual Studio previews a world without 32-bit emulation

Qualcomm demands blueprints to Intel chips used in Apple iPhones

Enough with the foot-dragging, mobile processor'n'modem giant rails in patent feud

Intel ponders Broadcom buy as Qualcomm's exec chair steps away

Rather than face a combined BroadQual, Chipzilla may break out the cheque book

Monday: Intel teases 48-core Xeon. Tuesday: AMD whips covers off 64-core second-gen Epyc server processor

Chipzilla more like Tyrannosaurus Rekt

NXP becomes N-nixed-P, Apple snubs Qualcomm modems for Intel chips

Shareholders, here's thirty billion dollars so you feel better on double whammy Wednesday

Hmm, there's something fishy about this graph charting AMD's push into Intel's server turf

Epyc chips nibble bits off Xeon's x86 revenue share