Doyle APC’s class action attorneys filed the first class action lawsuit against Intel Corporation for the design defect found in all of Intel’s x86-64x CPUs, exposing the computer or server utilizing the Intel CPU to massive security vulnerabilities.
2019 Update
The Intel CPU class action lawsuits were transferred to the District of Oregon and assigned to the Honorable Michael H. Simon for consolidated pretrial proceedings. The consolidated case is titled “In Re: Intel Corp. CPU Marketing, Sales Practices, and Products Liability Litigation.” Judge Simon appointed Seeger Weiss LLP and Levi & Korsinsky LLP law firms to lead the consolidated litigation—two competent class action law firms.
The Alleged Defect and Security Vulnerabilities
Defendant Intel’s x86-64x CPUs suffer from a security defect, which causes the CPUs to be exposed to troubling security vulnerabilities by allowing potential access to highly secure kernel data (the “Defect”). Kernel data is the most sensitive part of a computer as it controls all other programs on the computer. When the user inputs a command, i.e., to save a file or open a browser, the kernel mode carries out this task. To speed up the transition from the user’s command to the execution of this command by the kernel mode, Intel created a shortcut of sorts called “speculative execution.”
Speculative execution is when the processor attempts to guess the next operation or command, so the code to carry out the order can be standing by, ready to execute. When the processor selects what it believes is the following command, it will fetch the code needed to carry out that operation and have the code on standby. However, Intel’s speculative execute code may fetch secure codes without first performing a security check which would generally block such a request.
The speculative execution flaw has given rise to two security vulnerabilities: “Meltdown” and “Spectre.” Meltdown impacts only Intel processors and could allow malware to access computer data using something as innocuous as a javascript program to exploit the speculative execution flaw and access highly secure kernel data. Spectre impacts almost all x86-64x processors, including not only Intel processors but ARM and possibly AMD processors. ARM processors power most smartphones and tablet devices, including the iPhone and iPad.
Devices Impacted
The speculative execution security flaw exists in all of Intel’s x86-64 CPUs which were first introduced in 2004 and are still in use in most modern-day processors. The x86-64x CPU is utilized in most desktop and laptop computers and servers in the United States. These Intel CPUs also run most of the large, cloud-based servers in operation today, such as those from Google, Microsoft, and Amazon. Intel processors also run countless government computers and servers which hold highly confidential information. Any device in operation today with an Intel chip, 2004 or newer, contains a design defect.
It also appears that CPUs manufactured by AMD (Advanced Micro Devices) and those licensed by ARM Holdings are vulnerable to Spectre. ARM is the manufacturer that supplies the CPUs that power the vast majority of the world’s smartphones and tablets, including the iPhone and iPad.
The “Patch”
Since the British newspaper, The Guardian broke this story, Intel, Apple, Linux, and Microsoft, have been racing to develop a “patch” to close the security vulnerabilities created by Intel’s defective design. The security patch, while expected to cure the security vulnerabilities, will dramatically degrade the CPU’s performance. Because the defect is in the Intel x86-64 hardware, changes to the Operating System at a kernel level must be done to create the patch.
Essentially, it will stop the use of speculative execution by these CPUs. Speculative execution has been the primary method by which Intel, AMD, and ARM have increased processor speed exponentially over the past ten years. There is little doubt that this will result in slower processor speeds, although those who perform processor-intensive operations will likely be the most affected. Intel x86-64x CPU owners are left with the unappealing choice of using a computer with massive security vulnerabilities or one with significant performance degradation.
Intel’s Response
While Intel has admitted the existence of a security flaw in its processors, it claims the security vulnerabilities are not due to a design defect. This is surprising given the security flaw exists in the CPU’s hardware and was an intentional design. Intel has also tried to deflect blame to some extent by noting that this defect also impacts other CPUs.
Intel also states that any decrease in performance, for most users, would be minimal. Early tests cast doubts on Intel’s claim and indicate a 5% to 30% decrease in performance, depending upon the user’s activity. Additionally, given any patch would undoubtedly have to either completely block or substantially diminish “speculate execution,” it also points to a substantial performance decrease. “Speculative execution” is the primary means by which manufacturers have been able to improve processor speed. For these reasons, many computer experts doubt Intel’s claims of minimal performance degradation.