Meltdown and Spectre exploits recently came to light that affect virtually all modern processors by compromising system security. While Spectre hits everyone, Meltdown appears to primarily affect Intel CPUs made since 1995. Now, the Santa Clara-based firm faces a big headache: it could be hit by a class-action lawsuit over the release of its 8th generation Coffee Lake processors which came while the company knew of both security flaws.
Meltdown and Spectre: Intel released Coffee Lake knowing It was vulnerable at launch
By the time Intel launched its 8th Gen Core processor family, the company was fully aware that the product it was releasing was vulnerable to two major security flaws: Meltdown and Spectre. Google’s Project Zero teams shared their findings on the bugs with hardware manufacturers in June 2017 – well before the Intel Coffee Lake CPUs hit the market. The findings were only made public recently on January 3.
While Meltdown can somewhat be fixed via OS patch, there is no simple solution to Spectre. Intel engineers would have had sufficient time between June and September to understand the severity of the security flaws, especially since Coffee Lake is based on the same micro architecture as Kaby Lake and Skylake.
The potential liability is big for Intel: the company released Coffee Lake depite knowing it was vulnerable at launch. The 8th Gen desktop customers could decide on a class-action lawsuit against Intel. In addition, plaintiffs may claim compensation for alleged slowdown that fixing computers will cause, although Intel disputes it is a major factor.
“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time,” Intel said in an earlier statement.
Intel CEO sold millions in shares before security flaws went public
As if that wasn’t worse, Intel CEO Brian Krzanich’s actions could put the CPU giant into some more trouble. Krzanich sold every single Intel share he was allowed to last year. He liquidated some 245,000 shares of Intel stock (worth in excess of $39 million), bringing his total remaining shares down to 250,000—the minimum he’s required to hold as company CEO.
The sale was made as part of a 10b5-1 plan, which is a mechanism designed to prevent illegal insider trading by allowing senior executives to set up predetermined, automatic selling plans. However, the timing of sale is something that makes it look inappropriate.
Krzanich sold the shares in late November, months before the company was informed of the security flaws in its chips, but before they were made public. This raises questions as to whether his dealing was above board. The situation may attract the attention of the SEC, but there is no announcement yet.
Update, Jan. 6, 2018: Three class-action lawsuits have been filed against Intel over the Meltdown and Spectre processor vulnerabilities. The complaints—filed in California, Indiana, and Oregon—cite the security vulnerabilities, their potential impact on performance, as well as the delay in Intel’s response to public.
Intel said in a statement that it was aware of the class actions, but declined to comment “as these proceedings are ongoing.”