Intel is currently facing a class-action complaint from a group of five CPU buyers. The plaintiffs allege that Intel knowingly sold processors with a side-channel vulnerability called Downfall. They claim that Intel was aware of this vulnerability since 2018 but failed to take action to address it [2]. This flaw affects Intel chips from the 6th to the 11th generation and allows attackers to access sensitive data [1] [5]. The plaintiffs argue that Intel should have addressed the vulnerability in 2018 when it was first discovered [1] [5]. They are seeking damages and a recall or repair program for the affected CPUs [1]. The lawsuit seeks a jury trial at the US District Court in San Jose [4]. Intel has not commented on the allegations [1] [5].


The lawsuit alleges that Intel implemented temporary measures instead of fixing the problem [2], which actually increased the occurrence of attacks [2]. As a result, the vulnerability led to a 50 percent decline in performance [2]. These allegations raise concerns about Intel’s negligence in addressing backdoors and loopholes in their architecture [2], putting consumers and businesses at risk [2]. The specific bug mentioned in the complaint is called Downfall [3], an information disclosure vulnerability in Intel’s sixth to eleventh-generation CPUs [3]. This vulnerability allows attackers to gain access to privileged information in shared computing environments [3]. The prosecution is seeking monetary relief against Intel for the plaintiffs [3]. The legal liability for poor vulnerability remediation is not clearly defined by law [3]. The complexity and limited consequences of the Downfall bug make it a challenging case to determine legal liability [3].


The outcome of this lawsuit could have significant implications for the technology industry. If the plaintiffs are successful, it may establish a precedent for holding vendors accountable for negligence in applying patches in a timely manner. Users of the affected CPUs now face a difficult choice between updating and experiencing performance drops or remaining vulnerable [1]. The lawsuit highlights the importance of prompt and effective vulnerability remediation to protect sensitive data. It also raises questions about the responsibility of technology companies to address backdoors and loopholes in their products. Moving forward, this case may prompt stricter regulations and standards for vulnerability management in the industry.