Following reports of Intel's gross mishandling of its CPU vulnerabilities Spectre (CVE-2017-5753 and CVE-2017-5715), and Meltdown (CVE-2017-5754); particularly its decision to not call off 8th generation Core "Coffee Lake" processor launch after learning of its vulnerability; and a general barrage of "false marketing" allegations, with a dash of "insider trading" allegations added to the mix, the company is bracing for an avalanche of class-action lawsuits in the US, and similar legal action around the world.
Owners of Intel CPU-based computers in California, Oregon, and Indiana, have filed separate complaints alleging that Intel sold vulnerable processors even after the discovery of Meltdown and Spectre; that the chips being sold were "inherently faulty," and that patches that fix them are both an "inadequate response to the problem," and "hurt performance" (false marketing about performance), by 5 to 30 percent
. All three complainants are in the process of building Classes.
By the time Intel launched its 8th generation Core "Coffee Lake" desktop processor family (September 25, 2017, with October 5 availability), the company was fully aware that the product it is releasing was vulnerable to the three vulnerabilities plaguing its processors today, the two more publicized of which, are "Spectre" and "Meltdown." Google Project Zero teams published their findings on three key vulnerabilities, Spectre (CVE-2017-5753 and CVE-2017-5715); and Meltdown (CVE-2017-5754) in mid-2017, shared with hardware manufacturers under embargo; well before Intel launched "Coffee Lake." Their findings were made public on January 3, 2018.
Intel's engineers would have had sufficient time to understand the severity of the vulnerability, as "Coffee Lake" is essentially the same micro-architecture as "Kaby Lake" and "Skylake." As one security researcher puts it, this could affect Intel's liability when 8th generation Core processor customers decide on a class-action lawsuit. As if that wasn't worse, "Skylake" and later micro-architectures could require micro-code updates in addition to OS kernel patches to work around the vulnerabilities. The three micro-architectures are expected to face a performance-hit, despite Intel extracting colorful statements from its main cloud-computing customers that performance isn't affected "in the real-world." The company was also well aware of Spectre and Meltdown before its CEO dumped $22 million in company stock and options (while investors and the SEC were unaware of the vulnerabilities).