Intel Faces Lawsuit Over Failure To Address Faulty Chip Instructions
Chipmaker Sued Over Downfall Vulnerability
Intel, the leading x86 chip manufacturer, is now facing a lawsuit from several PC buyers who allege that the company ignored warnings about faulty chip instructions that led to the recent Downfall vulnerability.
The lawsuit, filed on behalf of five plaintiffs in a US federal court in San Jose, California, claims that Intel knew about the susceptibility of its AVX instruction set to side-channel attacks since 2018 but only addressed the defect after the disclosure of the Downfall vulnerability this year.
The Downfall vulnerability is a microarchitectural flaw that involves the AVX SIMD Gather instruction, which can be exploited to read data from memory during speculative execution. Speculative execution is a technique used by CPU cores to boost performance by anticipating an application's code. However, this technique also poses a risk of data disclosure when the effects of these speculative calculations can be observed.
Malware or a rogue user can exploit the Downfall flaw to potentially extract sensitive information, such as encryption keys, from memory that should be inaccessible. Downfall is part of a series of side-channel vulnerabilities that were discovered after the disclosure of Spectre and Meltdown architecture flaws in 2018.
The lawsuit alleges that Intel sold billions of insecure chips during the five years when it was aware of the AVX vulnerability but failed to take appropriate action. As a result, affected computer buyers have been left with no choice but to apply a patch that significantly slows down performance by up to 50 percent.
The Downfall flaw affects Intel Core processors from the 6th to the 11th generation, and it was publicly disclosed on August 8 of this year (CVE-2022-40982).
According to the complaint, Intel received two separate vulnerability reports from third-party researchers in the summer of 2018, while the company was already dealing with the Spectre and Meltdown vulnerabilities. Despite being aware of the AVX vulnerability, Intel allegedly delayed addressing the issue until the Downfall vulnerability became public.
The lawsuit seeks compensation for affected computer buyers who have experienced performance degradation due to the necessary patch. It raises concerns about Intel's handling of security vulnerabilities and highlights the potential risks faced by users of Intel chips.
Intel has not yet publicly responded to the lawsuit. As the legal proceedings unfold, affected consumers will be watching closely to see how the company addresses the allegations and the potential implications for future chip security.
The lawsuit against Intel underscores the importance of prompt action in addressing security vulnerabilities. As technology continues to advance, chip manufacturers must prioritize the security of their products to protect user's sensitive information and maintain consumer trust.