Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs

An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.

Re:This Will Go Nowhere

[mikael]

They did do bounds tests. That generates exceptions, but a thread or process can catch those exceptions and ignore them, Because the CPU is pipelined, and different instruction sub-tasks take different amounts of time, it's more efficient to assume reads will be successful and to start those sub-tasks that take the longest time first. A memory fetch from off-CPU memory chips takes way longer than a bounds check. So it's better off sending out the request to load that memory location into cache on the chance that it will be a valid address, then do the bounds test to generate an exception, then roll back the speculative state if an error occurs. But the state of the cache wasn't rolled back. So some data values were evicted to make way for the new data. Those could be read back.

Re:It's easy to show harm, actually....

You are always wrong