Intel hit with class action suit over CPU defects
2018 has not been a great year for Intel so far, as the last week or so has simply been a tsunami of bad news concerning security vulnerabilities in its x86-64x CPUs. Considering the extent of the Intel’s woes, it wasn’t going to be too long before a class action appeared, and here it is; Garcia, et al. vs. Intel Corp, Case No. 18-cv-00046, (ND Cal).
The case itself aims to represent any US purchaser of Intel CPUs containing the defect, or purchasers of a device containing one of these Intel processors. The defect is actually down to what Intel must have through was a clever bit of engineering. The kernel mode attempts to guess what the user will do next, known as “speculative execution”, having certain programmes on stand-by to increase speed and performance. This action potentially exposes kernel data, one of the most sensitive parts of a computer.
Since the vulnerability was initially exposed, Intel has been rushing to develop a patch, essentially closing the threat, though it is believed it will degrade performance at the same time. Intel claims 90% of processor products introduced within the past five years will be fixed by the end of this week, and for the average user, the impact on performance will be minimal. This has also been echoed by Intel’s customers:
“Our testing with public benchmarks has shown that the changes in the December 2017 updates resulted in no measurable reduction in the performance of macOS and iOS as measured by the GeekBench 4 benchmark, or in common Web browsing benchmarks such as Speedometer, JetStream, and ARES-6.”
“The majority of Azure customers should not see a noticeable performance impact with this update. We’ve worked to optimise the CPU and disk I/O path and are not seeing noticeable performance impact after the fix has been applied.”
“On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.”
“We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads.”
This has been disputed by some commentators as the speculative execution feature is believed to be one of the primary drivers of increased performance. Only time will tell.
Doyle APC’s ambulance chaser impersonation should of course been expected, though Intel has been the main recipient of attention so far.
AMD and ARM are two other suppliers who have also admitted to vulnerabilities, though neither has gotten anywhere near the same amount of consideration. The flaw may not impact these products as much as Intel, or the severity of AMD and ARM defects has not been truly uncovered just yet.