Three Class-Action Lawsuits Target AMD Over Spectre Vulnerability

AMD has managed to avoid much of the hubbub over the Meltdown and Spectre vulnerabilities, but it hasn't emerged completely unscathed, thanks to two class-action lawsuits filed on behalf of the company's shareholders. Now those filings have been joined by three more lawsuits, this time filed on behalf of consumers who purchased AMD's processors in the time between the issues' discovery and their disclosure.

All three lawsuits center around essentially the same thing, which is that AMD sold CPUs vulnerable to Spectre despite knowing about the vulnerability. (Another 32 lawsuits were filed against Intel for the same reason.) The suits claim that AMD breached its products' implied warranties, that the company was negligent, and that it unjustly profited from the sale of these processors.

One lawsuit said that the Google Project Zero research team “informed AMD of the existence of the Spectre Defect no later than by June 1, 2017,” yet “AMD continued to sell its processors to unknowing customers at prices much higher than what customers would have paid had they known about the Spectre Defect.”

Another suit cites research on vulnerabilities arising from speculative execution dating back over a decade to claim that CPU makers, including AMD, made changes to their CPUs in search of speed gains “with no thought as to the security vulnerabilities that were simultaneously created.” The same lawsuit claims that AMD’s performance figures for its CPUs are disingenuous because they rely on knowingly vulnerable hardware.

Although it’s technically true that AMD and Intel continued to sell chips with knowledge of the vulnerabilities, recall that an industry-wide NDA for Meltdown and Spectre was agreed upon and that AMD was merely complying with it. Had any company revealed the vulnerabilities early, it would have given the industry less time to prepare fixes, which could have put consumers at greater risk of being affected by the security flaws.

  • TwoSpoons100
    Can you imagine the screaming if AMD and Intel had halted all CPU sales for six months while they fixed the issue? That probably would have resulted in even more lawsuits as hardware vendors were driven to the wall.
    Damned if you do - damned if you don't.
  • blazorthon
    If you wanted to sue over the fact that these vulnerabilities even happened so badly and were present for such a long time, then okay, but complaining about the companies still selling them between officially learning of the problems and making it publicly known is excessive. The same goes for suing Intel over that. AMD and Intel couldn't have simply stopped selling the chips because the retailers, OEMs, and such would have continued selling the chips or selling products containing the chips.

    Maybe recalls would have actually stopped sales, but how can you recall practically every CPU in existence? Besides that, what's the point of stopping sales if you believe you can get workable patches out before much malware actually exploits the problems? If not for the sample code getting published, it might have been even longer before Meltdown and Spectre exploits started showing up.
  • steve15180
    At this point, I just don't get it. The stock price barely changed, Meltdown is a non-issue, Spectre 1 is a software issue that has been addressed (so far), and Spectre 2 has not been shown to work on AMD CPUs (at least Zen, which was for sale). I'll be surprised if they're not laughed out of court.