AMD Targeted By Class Action Suit Over Spectre Vulnerabilities

[Guest]

Two law firms have announced their intention to file class-action lawsuits against AMD. The firms claim the company failed to disclose knowledge of its products’ Spectre vulnerability.


AMD Targeted By Class Action Suit Over Spectre Vulnerabilities : Read more

 

[shabbo]

These lawyer scumbags are a disease to the free world. I can understand the rationale behind suing intel for hiding a critical vulnerability from their customers for 6 months, but AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch. It's optional because it's still a near-zero risk since the exploit requires access to the motherboard pin-outs. So wtf these bozo laywers even think they have a case against AMD just because it sounds similar to that of Intel's issue.

 

[Tony_117]

Scumbag lawyers looking to make a quick buck. I was recently in a class action lawsuit because a store was charging online customers more than in store ones, wrongly. Lawyers walked away with 60+ million and the rest of us got like $6.

 

[hannibal]

Next They will go after arm cores and next... sigh...

 

[chris.beda]

These lawyer scumbags are a disease to the free world. I can understand the rationale behind suing intel for hiding a critical vulnerability from their customers for 6 months, but AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch. It's optional because it's still a near-zero risk since the exploit requires access to the motherboard pin-outs. So wtf these bozo laywers even think they have a case against AMD just because it sounds similar to that of Intel's issue.

What this article fails to mention and show is that AMD actually updated their press release around the 13th or so. The reason being is that their press release on the exploits on the 3rd were completely false.

The first press released said that AMD CPUs were not affected by variant 1 of Spectre and had an near zero chance of being affected by variant 2. That isn't the case. AMD CPUs are fully affected by both Variant 1 and 2 of Spectre, which was what the 13th press release was on.

AMD straight up lied to both consumers and investors about how badly AMD CPUs were affected by Spectre. That is what the lawsuits are about. Though it is a class action lawsuit against AMD by their investors who could have lost millions due to AMD making false claims.

 

[lperreault21]

mabey the should go after Intel....

 

[cryoburner]

What this article fails to mention and show is that AMD actually updated their press release around the 13th or so. The reason being is that their press release on the exploits on the 3rd were completely false.

The first press released said that AMD CPUs were not affected by variant 1 of Spectre and had an near zero chance of being affected by variant 2. That isn't the case. AMD CPUs are fully affected by both Variant 1 and 2 of Spectre, which was what the 13th press release was on.

AMD straight up lied to both consumers and investors about how badly AMD CPUs were affected by Spectre. That is what the lawsuits are about. Though it is a class action lawsuit against AMD by their investors who could have lost millions due to AMD making false claims.

If AMD had claimed that they were invulnerable to both variants of Spectre on the 3rd, then supposedly changed that position with an edit on the 13th, then why did Tom's Hardware write on the 4th that...

Most notably, AMD claims that is has zero vulnerability to Variant 3 (Meltdown), stating that the patches that are currently being issued for Meltdown do not apply to its processors due to "architectural differences." This is excellent news for AMD, as it therefore has no exposure to the current round of potentially performance-sapping patches. That bodes very well for the company as it reenters the data center with a competitive line of EPYC processors.

The Ryzen desktop processors are also not susceptible to Meltdown. Linus Torvalds has also granted AMD an exemption to the performance penalties incurred by the Linux patch for Meltdown.

AMD is vulnerable to Variant 1, which is a Spectre exploit. As noted above, many contend that Spectre is not likely to see an effective patch any time soon, and some researchers claim the vulnerability exists in every modern processor architecture in existence. They also claim that fixing the issues could require a redesign of fundamental processor architectures. AMD said it has a patch that can mitigate Variant 1 with minimal performance impact and further stated that it has a "near zero risk of exploitation" from Variant 2, which is also a Spectre exploit.

So, did Tom's Hardware somehow misread AMD's press release, which you claim stated that they were not vulnerable to variant 1 of Spectre? Or perhaps you just mixed up what they said about Meltdown with the two Spectre variants? It sure sounds like their claims haven't really changed from their position at that time. Also, you claim that AMD is "fully affected by both Variant 1 and 2 of Spectre, but as far as I know, variant 2 still hasn't been demonstrated to work on AMD hardware, and they still maintain that it would be difficult to exploit. They made an "optional" update available to remove any slim chance of variant 2 being exploited, but that doesn't mean that they've changed their position about there being "near zero risk of exploitation" of that variant on their processors.

 

[jkeefer]

Stooges paid by whoever is shorting AMD stock. Its been going on for years.

 

[shafe88]

More than likely Intel has a hand in all of this. Seems fishy the lawyers went after AMD and not Intel when Intel CEO suspiciously sold his shares of Intel stock right before news of the security flaws broke. AMD's Ryzen architecture is a big threat so Intel will use any means possible to stop it's momentum, just like they did in the early 2000's when Athlon architecture was a major threat.

 

[shrapnel_indie]

These lawsuits aren’t aimed at justice for consumers, though; they’re after AMD for failing to disclose to investors its knowledge of the vulnerabilities, which led to a claimed drop in stock value. AMD’s stock took an insignificant hit in after-hours trading on the day it announced its BIOS updates, but its has since recovered.

Hmmm... Was the drop really related to the news or was it just a normal fluctuation? It clearly states in the article that the drop was insignificant and quickly recovered. Those who didn't panic and sell immediately really didn't lose anything.

It seems more of a gravy train law-suit trying to ride on the coattails of the Intel suits to me. They see Intel as more than likely paying out in some form, and believe they can get AMD to do the same. Unfortunately, the biggest winners of any suit is usually and most often, the lawyers. Justice for the consumers? I seriously doubt it in this case. Lawyers try to refrain from cases where they have a zero or less gain.

 

[MASOUTH]

The biggest thing I'm finding suspect here is if half the commenters have even read the piece or if it is just their reading comprehension that is lacking and has them going off course.

 

[YoAndy]

So lets be fair, looking and reading previous comments some people still mad at Intel but AMD lies about it and everything is ok?

Some person even said(@lperreault21) '"mabey the should go after Intel"' and another person saying(@shabbo) "'AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch and saying that These lawyer scumbags are a disease""

First Let me tell you that you are wrong and that Advanced Micro Devices Inc said on Thursday its microprocessors are susceptible to both variants of the Spectre security flaw, days after saying its risk for one of them was “near zero”... That being said, AMD is not alone in facing court filings. Intel is in the same boat, and has already been whacked by multiple class-action lawsuits over both Meltdown and Spectre. People knew AMD was lying, Google's Project Zero team, which was instrumental in uncovering the CPU flaws, had actually informed AMD about Spectre back in June 2017, so one could argue that AMD should have been more forthcoming about the issue instead of lying and trying to sell more processors while Intel got whacked..

 

[SteveRNG]

I'm not commenting with respect to the lawyers.

What I'm curious about is that AMD said there was "near-zero" risk. I remember seeing that at the beginning; absolutely.

But what are the odds of ANY architectures (Intel's, AMD's, ARM's) being affected? I'm not talking about *specific* statistical values. What I mean is "near-zero" risk may (or may not) be claimed by anybody. It's a very generic statement. And while everyone else initially just admitted to the issue, AMD just told us there was near zero risk.

AMD stating that there is a "near-zero" risk implies that there is a significantly higher risk with other architectures. This may be completely true.

But think of it this way. Google finds the issue and informs major players. When this all comes out:
Intel comes out and says there is a potential for exploitation and they are working to resolve it.
Apple says that all Mac and iOS devices are affected
ARM says patches are ready
Google says the latest security updates protect you.
AMD says there's a near-zero chance of being affected. And then a week later release patches.

Again, AMD may be correct. And their architecture may be different enough to make it non only near-zero, but many orders of magnitude less likely than any other system. If so, they win. But does nobody else see how their message is completely different than everybody else? Everybody else is busy coming straight out and saying something like "there is a chance of exploitation and we will fix it". AMD said something like "there is zero chance of exploitation but... we'll fix it."

Then I think.. but... what is the difference between AMD and everybody else if they both have to develop a patch to mitigate the issue? When I first read "near-zero" I was thinking, "Wow! They may be slower and less efficient than Intel, but it may have been because they knew that what they were doing was more secure in the long run".

I guess we'll have to see how everybody performs once everything is patched.

 

[redgarl]

Yeah, the drop of stock for that day was 0.10$... just cmon, and I have some stock.

 

[redgarl]

@SteveRNG

Near zero-risk because their architecture is different and you need to be in a controlled environment with direct hardware connection to exploit the vulnerability... basically it is near impossible to exploit unlike Meltdown requiring minimal cyber attack expertise.

 

[redgarl]

mabey the should go after Intel....

They actually are, however they want the head of the management team at AMD for disclosing ambiguous information from their point of view.

However Intel CEO is at the middle of an insider trading affair, and they believe that AMD staff officers were the bad guys.

 

[Jimbojan]

Most lawyers are scumbags, all they interested in is to rip off anyone they can get a hand on. So are the politicians, like those dems in washington to sell off the country so that they get their vote to stay in power ( for themselves ).

 

[wownwow]

The facts are:

1) No change in AMD's position, according to AMD.
2) No change to AMD's "Variant / AMD Response Matrix" table.
3) The patch for the Variant 2 (Sperctre) is "optional."

They don't even know where the $ is to go after or which tree to bark at, just funny clowns barking at the wrong tree, the one affected the least relative to Intel and ARM!

Intel Inside (Patch Inside) money in work?

Below may show them where the money is:

According to the Intel CPU design, the White House (Kernel) need to relocated for the security issue (Meltdown)!

According to Intel CEO, relocating the White House is the intended design!

 

[poidragon]

What this sounds like is an "attempted mugging of AMD" by some shady and greedy law firms, looking to score some fast cash; as their lawsuit does not represent "the public, the consumer or the end user" of CPU's developed by AMD. Hopefully, AMD puts up a very vigorous legal defense, to counter such specious legal claims that these two law firms are trying to exploit, in order to force AMD to pay them, for essentially doing nothing to earn their case in a court of law!

 

[poidragon]

It really sounds like a "money grab" by some shady law firms looking to make a quick buck without having to do the legal footwork necessary, or have a client, with which to claim they are filing such a frivolous lawsuit! AMD should counter sue, these law firms on the grounds that would set a legal precedent, so that such "meritless lawsuits" will never see "the inside of a courtroom!" Lawyers and law firms already have a "shady reputation" and this sort of illicit action by these two law firms, just makes them even less reputable, in the eyes of the public!

 

[jimmysmitty]

So lets be fair, looking and reading previous comments some people still mad at Intel but AMD lies about it and everything is ok?

Some person even said(@lperreault21) '"mabey the should go after Intel"' and another person saying(@shabbo) "'AMD didn't do anything wrong. AMD said on Jan 3rd 'near-zero' risk. 'Near-zero' is still a non-zero value and therefore AMD released an 'optional' BIOS patch and saying that These lawyer scumbags are a disease""

First Let me tell you that you are wrong and that Advanced Micro Devices Inc said on Thursday its microprocessors are susceptible to both variants of the Spectre security flaw, days after saying its risk for one of them was “near zero”... That being said, AMD is not alone in facing court filings. Intel is in the same boat, and has already been whacked by multiple class-action lawsuits over both Meltdown and Spectre. People knew AMD was lying, Google's Project Zero team, which was instrumental in uncovering the CPU flaws, had actually informed AMD about Spectre back in June 2017, so one could argue that AMD should have been more forthcoming about the issue instead of lying and trying to sell more processors while Intel got whacked..

Remember AMD is the underdog and nothing they could do is wrong. They don't even make poor choices, they are just held down by the man (Intel).

Not hating on AMD, hell I still have more AMD products than Intel in my home and would have kept with their GPUs if they didn't fall behind performance wise but they do make bad choices sometimes (Bulldozer, selling their FABs just before Core 2 launched) and they are not looking out for the consumer. Everything they do has their interests in mind. They have an obligation to stock holders to perform well and that's fine but their profits come first and foremost.

mabey the should go after Intel....

They actually are, however they want the head of the management team at AMD for disclosing ambiguous information from their point of view.

However Intel CEO is at the middle of an insider trading affair, and they believe that AMD staff officers were the bad guys.

According to Intel the sale was pre-planned. How far back will matter. The date of it being put into place does not tell me the plan. He might have had to do it flaw or not and that's what will matter more TBH.

And yes that information needs to be clear from the start. Ambiguous can cause a lot of damage.