Intel’s “Coffee Lake” Was Released Knowing It Was Vulnerable to Meltdown and Spectre

It looks as if Intel was fully aware that their 8th generation “Coffee Lake” desktop processor family was vulnerable to three major vulnerabilities before their launch (September 25, 2017, with October 5 availability). Two of the main vulnerabilities are the more publicized “Meltdown” and “Spectre”. Google Project Zero teams published their findings on three key vulnerabilities, Spectre (CVE-2017-5753 and CVE-2017-5715); and Meltdown (CVE-2017-5754) in mid-2017, and shared this information with hardware manufacturers under embargo, this was well before Intel launched “Coffee Lake”. These finding has now been made public.


According to many Intel engineers would have had more than enough time to understand the severity of the vulnerability as “Coffee Lake” is extremely similar to “Kaby Lake” and “Skylake”. This decision to still release “Coffee Lake” could affect Intel’s liability when 8th generation Core processor customers decide on a class-action lawsuit.

Also other Intel micro-architectures could require a micro-code update in addition to OS kernel patches to fix these vulnerabilities. On top of that three micro-architectures are expected to take a performance hit once these fixes are in place.

About Author