Intel “Downfall” CPU Vulnerability Leads To Class-Action Lawsuit By Consumers
Intel has been pulled into a lawsuit by consumers, claiming that the chipmaker was aware of the Downfall vulnerabilities & still sold chips in the market.
Before we go into the lawsuit, let's recap on what Downfall is. As covered previously, the vulnerability specifically affects workloads utilizing the AVX2/AVX-512 gather instructions. Intel disclosed that "Downfall" had a greater impact on older-gen Tiger Lake/ Ice Lake lineups. In easy words, the vulnerability reveals hardware registry contents, potentially leading to large-scale data thefts. Since vulnerability in the industry is something quite common, it isn't seen as the company's fault, and oftentimes, mitigation is applied quickly.
However, the lawsuit filed by five Intel CPU buyers, as reported by The Register, claims that Team Blue was aware of the AVX side-channel vulnerability since 2018. Moreover, the company didn't tend to fix the loop in the architecture until Downfall was discovered, which not only put the security of millions of users at risk, but the aftermath of the vulnerability led to a 50 percent decline in performance. Here is how the report by The Register sums up how Downfall's existence actually started five years ago:
The complaint says that in the summer of 2018, when Intel was dealing with Spectre and Meltdown, the manufacturer received two separate vulnerability reports from third-party researchers that warned that the microprocessor titan's Advanced Vector Extensions (AVX) instruction set – which allows Intel CPU cores to perform operations on multiple pieces of data simultaneously, improving performance – was vulnerable to the same class of side-channel attack as those other two serious flaws.
The argument posed by the filers discloses that
Read more on wccftech.com
