AMD Targeted By Class Action Suit Over Spectre Vulnerabilities

Two law firms have announced their intention to file class-action lawsuits against AMD. The firms claim the company failed to disclose knowledge of its products’ Spectre vulnerability.

The Meltdown/Spectre issue continues to ripple through the computer industry as affected hardware OEMs continue to push out patches, while wrongdoers try to take advantage of it. Compared to when the issue first made headlines, we now have a much clearer picture of the three distinct vulnerabilities that make up the issue and how they’re fixed. However, with so many affected CPUs, some of which are only partially affected by the issue, we still don’t have a clear picture of Meltdown/Spectre’s full impact.

Zen-based CPUs (Ryzen and Threadripper) from AMD are among those that are partially affected. Of the three vulnerabilities, the company said from the beginning that its CPUs did not suffer from Meltdown. There was more confusion around Spectre. The company initially claimed, and continues to maintain, that it’s vulnerable to Spectre Variant 1, which is patched at the OS level. As for Spectre Variant 2, however, AMD’s initial statement was that there was “near-zero risk of exploitation” on its CPUs; it later stated that it had issued “optional” CPU microcode updates for the vulnerability.

The change in position is part of why the Rosen and Pomerantz law firms are now targeting AMD. These lawsuits aren’t aimed at justice for consumers, though; they’re after AMD for failing to disclose to investors its knowledge of the vulnerabilities, which led to a claimed drop in stock value. AMD’s stock took an insignificant hit in after-hours trading on the day it announced its BIOS updates, but its has since recovered. Only the Pomerantz lawsuit specifically mentions Spectre Variant 2, whereas the Rosen lawsuit references only “a fundamental security flaw”. Both lawsuits seem to be viewing AMD’s eventual release of BIOS updates as a smoking gun for the case that AMD’s CPUs are vulnerable to Spectre Variant 2 after all.

Since the announcement of the BIOS updates, AMD hasn’t made any more statements on Meltdown/Spectre. Meanwhile, there are already multiple lawsuits against Intel.

In response to our inquiry, AMD said that the “allegations are without merit” and that it intends “to vigorously defend against these baseless claims.”

  • shabbo
    These lawyer scumbags are a disease to the free world. I can understand the rationale behind suing intel for hiding a critical vulnerability from their customers for 6 months, but AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch. It's optional because it's still a near-zero risk since the exploit requires access to the motherboard pin-outs. So wtf these bozo laywers even think they have a case against AMD just because it sounds similar to that of Intel's issue.
    Reply
  • Tony_117
    Scumbag lawyers looking to make a quick buck. I was recently in a class action lawsuit because a store was charging online customers more than in store ones, wrongly. Lawyers walked away with 60+ million and the rest of us got like $6.
    Reply
  • hannibal
    Next They will go after arm cores and next... sigh...
    Reply
  • chris.beda
    20608108 said:
    These lawyer scumbags are a disease to the free world. I can understand the rationale behind suing intel for hiding a critical vulnerability from their customers for 6 months, but AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch. It's optional because it's still a near-zero risk since the exploit requires access to the motherboard pin-outs. So wtf these bozo laywers even think they have a case against AMD just because it sounds similar to that of Intel's issue.

    What this article fails to mention and show is that AMD actually updated their press release around the 13th or so. The reason being is that their press release on the exploits on the 3rd were completely false.

    The first press released said that AMD CPUs were not affected by variant 1 of Spectre and had an near zero chance of being affected by variant 2. That isn't the case. AMD CPUs are fully affected by both Variant 1 and 2 of Spectre, which was what the 13th press release was on.

    AMD straight up lied to both consumers and investors about how badly AMD CPUs were affected by Spectre. That is what the lawsuits are about. Though it is a class action lawsuit against AMD by their investors who could have lost millions due to AMD making false claims.
    Reply
  • lperreault21
    mabey the should go after Intel....
    Reply
  • cryoburner
    20608829 said:
    What this article fails to mention and show is that AMD actually updated their press release around the 13th or so. The reason being is that their press release on the exploits on the 3rd were completely false.

    The first press released said that AMD CPUs were not affected by variant 1 of Spectre and had an near zero chance of being affected by variant 2. That isn't the case. AMD CPUs are fully affected by both Variant 1 and 2 of Spectre, which was what the 13th press release was on.

    AMD straight up lied to both consumers and investors about how badly AMD CPUs were affected by Spectre. That is what the lawsuits are about. Though it is a class action lawsuit against AMD by their investors who could have lost millions due to AMD making false claims.
    If AMD had claimed that they were invulnerable to both variants of Spectre on the 3rd, then supposedly changed that position with an edit on the 13th, then why did Tom's Hardware write on the 4th that...

    Most notably, AMD claims that is has zero vulnerability to Variant 3 (Meltdown), stating that the patches that are currently being issued for Meltdown do not apply to its processors due to "architectural differences." This is excellent news for AMD, as it therefore has no exposure to the current round of potentially performance-sapping patches. That bodes very well for the company as it reenters the data center with a competitive line of EPYC processors.

    The Ryzen desktop processors are also not susceptible to Meltdown. Linus Torvalds has also granted AMD an exemption to the performance penalties incurred by the Linux patch for Meltdown.

    AMD is vulnerable to Variant 1, which is a Spectre exploit. As noted above, many contend that Spectre is not likely to see an effective patch any time soon, and some researchers claim the vulnerability exists in every modern processor architecture in existence. They also claim that fixing the issues could require a redesign of fundamental processor architectures. AMD said it has a patch that can mitigate Variant 1 with minimal performance impact and further stated that it has a "near zero risk of exploitation" from Variant 2, which is also a Spectre exploit.
    So, did Tom's Hardware somehow misread AMD's press release, which you claim stated that they were not vulnerable to variant 1 of Spectre? Or perhaps you just mixed up what they said about Meltdown with the two Spectre variants? It sure sounds like their claims haven't really changed from their position at that time. Also, you claim that AMD is "fully affected by both Variant 1 and 2 of Spectre, but as far as I know, variant 2 still hasn't been demonstrated to work on AMD hardware, and they still maintain that it would be difficult to exploit. They made an "optional" update available to remove any slim chance of variant 2 being exploited, but that doesn't mean that they've changed their position about there being "near zero risk of exploitation" of that variant on their processors.
    Reply
  • jkeefer
    Stooges paid by whoever is shorting AMD stock. Its been going on for years.
    Reply
  • shafe88
    More than likely Intel has a hand in all of this. Seems fishy the lawyers went after AMD and not Intel when Intel CEO suspiciously sold his shares of Intel stock right before news of the security flaws broke. AMD's Ryzen architecture is a big threat so Intel will use any means possible to stop it's momentum, just like they did in the early 2000's when Athlon architecture was a major threat.
    Reply
  • shrapnel_indie
    These lawsuits aren’t aimed at justice for consumers, though; they’re after AMD for failing to disclose to investors its knowledge of the vulnerabilities, which led to a claimed drop in stock value. AMD’s stock took an insignificant hit in after-hours trading on the day it announced its BIOS updates, but its has since recovered.

    Hmmm... Was the drop really related to the news or was it just a normal fluctuation? It clearly states in the article that the drop was insignificant and quickly recovered. Those who didn't panic and sell immediately really didn't lose anything.

    It seems more of a gravy train law-suit trying to ride on the coattails of the Intel suits to me. They see Intel as more than likely paying out in some form, and believe they can get AMD to do the same. Unfortunately, the biggest winners of any suit is usually and most often, the lawyers. Justice for the consumers? I seriously doubt it in this case. Lawyers try to refrain from cases where they have a zero or less gain.
    Reply
  • MASOUTH
    The biggest thing I'm finding suspect here is if half the commenters have even read the piece or if it is just their reading comprehension that is lacking and has them going off course.
    Reply