Five unhappy owners of Intel CPUs have recently launched a class action lawsuit against the company following the discovery that, allegedly, Intel has knowingly sold processors affected by a dangerous vulnerability – and has been doing so for years. The flaw in question is called Downfall, and although it doesn’t affect Intel’s best CPUs, it is present in chips ranging from the 6th to the 11th generation of Intel processors.
Dating back to Skylake CPUs and still present in Rocket Lake chips, the downfall vulnerability was first made public by security researcher Daniel Moghimi. This flaw targets the instruction gathering process in Intel CPUs. Normally, this allows the CPU to quickly access various data in its memory, but unfortunately, this also means that any vulnerability within the Gather instruction would give the threat actor too much access to the affected PC. Is. Whether it’s through malware or direct access, attackers can potentially steal a lot of sensitive data from the affected chips.
Intel released a patch to stop the bug, but it came at a high cost. As reported by Tom’s Hardware, downloading the patch slowed AVX2 and AVX-512 workloads by up to 50%. This left users stuck in a lose-lose situation where they could either make themselves vulnerable to downfall or patch the CPU and suffer performance loss. The plaintiffs disagree with Intel’s approach and are now demanding a jury trial in the U.S. District Court in San Jose.
First reported by The Register, the class action suit features five plaintiffs who owned one of the chips affected by the downfall. According to the lawsuit, Intel was made aware of this vulnerability as early as 2018, when Intel was already dealing with other threats like Specter and Meltdown. Third-party researchers prepared a vulnerability report regarding the then-yet-unknown fallout, which found a flaw within the AVX instruction set in a similar manner to Specter and Meltdown.
Hardware enthusiast Alexander Yee prepared an article about the flaw in 2018 and delayed publishing it until August 7, 2018, reportedly at Intel’s request. Because of this, the plaintiff believes Intel should have focused on the downfall in 2018 rather than proceeding to sell the chips when it was first informed of the defect.
“Despite promising a hardware redesign to mitigate speculative execution vulnerabilities during the exact same time period that researchers uncovered vulnerabilities in Intel’s AVX instructions, Intel did nothing. “It did not fix its then-current chips, and for more than three consecutive generations, Intel did not redesign its chips to ensure that AVX instructions would operate safely when the CPU executed them speculatively,” The complaint states.
The document also talks about the five affected plaintiffs, specifically one man who said he “would not have purchased his Intel CPU at that price had he known about the defect described in this complaint.”
The complaint also explains what the plaintiffs want: “Intel’s affected CPUs – billions of them – have been defectively designed to date, and Intel has conducted no recalls, implemented no repair programs, and the underlying “No plan has been provided to correct the design defect. Plaintiffs seek compensatory and equitable relief.”
Intel has so far refused to comment on these allegations. It’s hard to say where this might go, and since these CPUs are a few generations old by now, they’re hard to find in stores at the moment. However, those who already have them still face a tough choice: update or not update? Intel recommends updating itself, but if you frequently use your CPU to run AVX2 and AVX-512 workloads, you may experience a serious degradation in performance.