Intel has faced plenty of criticism for not divulging the Meltdown and Spectre CPU flaw, but that heat is now turning to legal proceedings. A total of 32 lawsuits are currently active against the company and more are likely to follow. Intel says 30 customer filings have been made, along with two security class action lawsuits.
Six weeks after Meltdown and Spectre was discovered, Intel has yet to issue a patch for Variant 2 (Spectre) of the flaw. Intel is facing lawsuits because the company failed to tell customers about the vulnerability.
The security lawsuits claim the company violated laws that affected businesses. Intel says it will fight the court claims and is willing to dispute the accusations:
“We dispute the claims described above and intend to defend the lawsuits vigorously. Given the procedural posture and the nature of these cases, including that the proceedings are in the early stages, that alleged damages have not been specified, that uncertainty exists as to the likelihood of a class or classes being certified or the ultimate size of any class or classes if certified, and that there are significant factual and legal issues to be resolved, we are unable to make a reasonable estimate of the potential loss or range of losses, if any, that might arise from these matters.”
Intel says it is still working on a patch to fix Spectre Variant 2 on older chips. Last month, the company launched a patch for the Spectre vulnerability that caused problems. Users have reported random reboots, promoting Intel to tell customers to avoid the update for now.
Discovered by Intel last June, the company decided to tell major clients such as Microsoft, Google, and Apple. However, the information was not made public, not even to the US Government. The company argued this gave time for a patch to be created, but ironically the patch failed to work anyway.
Meltdown and Spectre
Meltdown and Spectre is a flaw found in a majority of the company's chips. Intel issued a patch, but it was faulty from the start. Worse, the company buried the information in financial results, saying the patch could lead to “data loss or corruption.”
The kernel-level flaw leaves all most Intel-powered machines open to attack, while also affecting some running AMD and ARM chips. The flaw lies in kernel operations. When a command is issued on a system, the CPU gives system control to the kernel. To maintain efficiency of performance, the kernel stays below the surface of processes even when the CPU resumes control. This is what leaves machines at risk.