From Tom's Hardware: A group of five Intel CPU buyers has begun a class action suit against the iconic PC chip designer reveals a court document shared by The Register. The plaintiffs assert that Intel knowingly sold billions of CPUs after it already knew of the AVX side-channel vulnerability that would eventually precipitate Downfall. It is further claimed that Intel had knowledge of the AVX vulnerability since 2018 and that Intel’s patch to its architectural flaw meant CPUs were “slowed down beyond recognition.”
Back in August, we reported on behind-the-scenes legal manoeuvrings as a class action against Intel brewed. At that time we recalled that contemporary tests on Intel CPUs spanning the Skylake to Rocket Lake (6th to 11th Gen Core processor) architectures showed patching slowed some operations as much as 50%. Apps that leaned heavily on AVX2 and AVX-512 workloads to complete tasks were worst affected. However, if left unpatched, threat actors could exploit Downfall to extract sensitive information like encryption keys from systems using the 6th to 11th Gen Core CPUs via malware or local access.
The key complaint within the court document, which asks for a jury trial at the US District Court in San Jose, isn’t about the existence of the Downfall vulnerability, or the patch performance penalty, but of Intel basically sitting on its hands. The plaintiffs say that Intel knew of the “defect” behind Downfall since 2018.
Of course, 2018 was a very big year for computer security news. This was the year when Spectre and Meltdown were all over the headlines in the tech press. It was the first time we had seen exploits targeting the speculative execution process that is used by many modern CPUs to speed calculations. Due to the way this process was implemented, threat actors could snoop on data in memory from other processes.
View: Full Article