Intel CPU Class Action

Doyle APC’s class action attorneys filed the first class action lawsuit against Intel Corporation for the design defect found in all of Intel’s x86-64x CPUs which expose the computer or server utilizing the Intel CPU to massive security vulnerabilities.

2019 Update

The Intel CPU class action lawsuits were transferred to the District of Oregon and assigned to the Honorable Michael H. Simon for consolidated pretrial proceedings. The consolidated lawsuit is titled “In Re: Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation”. Judge Simon appointed the law firms of Seeger Weiss LLP and Levi & Korsinsky LLP to lead the consolidated litigation. Two very capable firms.

If you have questions about the litigation, please visit this site.

The Alleged Defect and Security Vulnerabilities

Defendant Intel’s x86-64x CPUs suffer from a security defect, which causes the CPUs to be exposed to troubling security vulnerabilities by allowing potential access to extremely secure kernel data (the “Defect”). Kernel data is the most sensitive part of a computer as it controls all other programs on the computer. When the user inputs a command, i.e., to save a file or open a browser, the kernel mode carries out this task. In an effort to speed up the transition from the user’s command to the execution of this command by the kernel mode, Intel created a shortcut of sorts called “speculative execution.” “Speculative execution” is when the processor attempts to guess what the next operation or command will be so the code to carry out the command can be standing by, ready to execute. When the processor selects what it believes is the next command, it will fetch the code(s) needed to carry out that operation and have the code(s) on standby. However, Intel’s “speculative execute” code may “fetch” secure codes without first performing a security check which would normally block such a request.

The speculative execution flaw has given rise to two types of security vulnerabilities known as “Meltdown” and “Spectre.” Meltdown impacts only Intel processors and could allow malware to access computer data by using something as innocuous as a javascript program to exploit the speculative execution flaw and access extremely secure kernel data. Spectre actually impacts almost all x86-64x processors which includes not only Intel processors but ARM and possibly AMD processors. ARM processors power the vast majority of smartphones and tablet devices including the iPhone and iPad.

Devices Affected

The “speculative execution” security flaw exists in all of Intel’s x86-64 CPUs which were first introduced in 2004 and are still in use in the majority of today’s modern-day processors. The x86-64x CPU is utilized in the majority of all desktop, laptop computers, and servers in the United States. These Intel CPUs also run most of the large, cloud based servers in operation today such as those from Google, Microsoft and Amazon. Intel processors also run countless government computers and servers which hold extremely confidential information. Essentially any device in operation today with an Intel chip, 2004 or newer, contain the design defect.

It also appears that CPUs manufactured by AMD (Advanced Micro Devices) and those licensed by ARM Holdings are vulnerable to Spectre. ARM is the manufacturer that supplies the CPUs that power the vast majority of the world’s smartphones and tablets, including the iPhone and iPad.

The “Patch”

Since the British newspaper, The Guardian broke this story, Intel along with Apple, Linux and Microsoft have been racing to develop a “patch” to close the security vulnerabilities created by Intel’s defective design. The security “patch,” while expected to cure the security vulnerabilities, will dramatically degrade the CPU’s performance. Because the defect is in the Intel x86-64 hardware changes to the Operating System at a kernel level must be done to create the “patch.” Essentially, it will stop the use of speculative execution by these CPUs. Speculative execution has been the primary method by which Intel, AMD and ARM have been able to increase processor speed so exponentially over the past 10 years. There is little doubt this will result in dramatically slower processor speeds, although it is those who perform processor intensive operations that are likely to be the most affected. In essence, Intel x86-64x CPU owners are left with the unappealing choice of either continuing to use a computer with massive security vulnerabilities or one with significant performance degradation.

Intel’s Response

While Intel has admitted the existence of the security flaw in its processors it claims the security vulnerabilities are not due to a design defect. This is surprising given the security flaw exists in the CPU’s hardware and was an intentional design. Intel has also tried to deflect blame to some extent by noting that this defect impacts other CPUs as well.

Intel also states that any decrease in performance, for most users, would be minimal. Early tests cast doubts on Intel’s claim and indicate a 5% to 30% decrease in performance, depending upon the user’s activity. Additionally, given any patch would certainly have to either completely block or substantially diminish “speculate execution,” also point to a substantial performance decrease. “Speculative execution” is the primary means by which manufacturers have been able to improve processor speed. For these reasons, many computer experts are extremely doubtful of Intel’s claims of minimal performance degradation.