Intel learned about the Meltdown and Spectre security vulnerabilities in mid-2017, and recent reports have revealed that the company shared the details with a limited number of companies, including Google, Microsoft, Apple, ARM, and AMD.
And while Intel decided to keep all information private as it was working on fixes, it looks like the company discussed the Meltdown and Spectre flaws with a number of Chinese parties, including Lenovo and Alibaba.
The Wall Street Journal writes, via people familiar with the matter, that is what it calls “a near certainty” that the Chinese government was aware of the vulnerabilities given the communication monitoring it conducts in the country, despite Beijing denying all such claims on several occasions in the past.
On the other hand, the United States government only found out about the two security flaws in January after the public disclosure and the media covered it.
“We certainly would have liked to have been notified of this,” an official at the Department of Homeland Security is quoted as saying.
US govt learned about the flaws in January
The US government has recently required all US companies involved in the embargo to explain why they decided to keep Meltdown and Spectre security flaws secret, pointing out that the rest of the industry might have been impacted.
Lenovo, one of the Chinese firms that were briefed about the two hardware bugs, said Intel required a nondisclosure agreement and this is why it couldn’t share any information without another party. Alibaba hasn’t provided any specifics, but instead says that claims the Chinese government was told about the flaws are “speculative and baseless.”
In the meantime, Intel also has a hard time getting the Meltdown and Spectre updates right, as the company has recently confirmed that the Spectre Variant 2 mitigations are causing reboots and system crashes on a number of hardware configurations.
The company eventually suspended the updates, triggering a mass removal of patches from the rest of its partners, including Microsoft, who published patches to disable Spectre Variant 2 fixes on Windows.