Jump to content
Corsair Community

PSA: Spectre & Meltdown Vulnerabilities

Corsair CJ

Recommended Posts

  • Corsair Employee

Spectre and Meltdown Vulnerabilities


Affected CORSAIR Products


These vulnerabilities affect:

• Bulldog (with motherboard)

• Bulldog 2.0



What are Spectre and Meltdown?


Undoubtedly there is some alarm about the security exploits dubbed “Meltdown” and “Spectre,” both of which center around a fundamental design principle of modern processors. High performance processors designed within the last ten to fifteen years can predict with a high degree of success what the next instructions will be when performing a task, and in doing so are able to substantially improve performance. This “speculative design” is one of the cornerstones of modern high-performance computing.


Unfortunately, researchers have recently discovered two security exploits you may have heard about, dubbed “Meltdown” and “Spectre,” which abuse speculative design through virtual machines (virtual PCs running on top of existing hardware.)


We’ll talk about Meltdown first. Meltdown is a flaw endemic to Intel processors designed over the past decade and affects almost all of them, dating back to at least the original Core i7 and including all the way up to the recently released Coffee Lake and Skylake-X processors. This is something intrinsic to the silicon itself; it can’t be remedied by a BIOS update. Note that this does not affect AMD processors.


Patches have already been released for major operating systems (including Windows) to close this exploit. You may have heard of an upwards of 30% performance impact as a result of the security patch, but note that this is primarily on the data center side. Our customers will receive the patch automatically from Microsoft and should see virtually no performance loss; TechSpot ran both synthetic and real world benchmarks and revealed no perceptible difference to end users (https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/).


The other flaw is Spectre, and it affects all modern processors, Intel and AMD alike, extending even to smartphone processsors. This exploits any modern CPUs that utilize speculative designs to improve performance. The industry is collectively working on ways to solve this problem, but because of its nature as a fundamental exploit in modern processor design, this is going to take a longer period of time to fix. Individual software suites will need to be patched to close this exploit.


On the flipside, Spectre is also much harder to abuse than Meltdown is, and it’s important to note that in both cases, these are read only exploits. On their own, they can’t run malicious code on your PC, and they can’t open the door to additional malware. Additionally, they require code to run locally on a system in order to work at all.


What to Do


Intel, Microsoft, NVIDIA, AMD, and other software and hardware vendors are working aggressively to mitigate Meltdown and Spectre. Here are some things you can do to protect yourself.


Update Windows

One of the easiest things you can do is make sure Windows is up to date. Windows 10 installs updates automatically, but to manually check, do the following:

1. Click the Start button.

2. Click the Settings (gear-shaped) icon.

3. Click “Update & Security.”

4. Click “Windows Update.”

5. Click “Check for updates.”


Update Your Video Card Drivers

The next thing you can do is update your video card drivers. You can always get the most recent version of your drivers from https://www.geforce.com/drivers if you have an NVIDIA GeForce graphics card, or http://www.amd.com if you have an AMD Radeon graphics card.


For CORSAIR ONE users, we are providing an updated graphics card driver on our download page (http://www.corsair.com/en-us/downloads). You can also visit the product page for your CORSAIR ONE model to download the updated driver.


Update Your BIOS

The BIOS in your CORSAIR ONE or Bulldog system will also need to be updated to mitigate Meltdown and Spectre. We are working with Intel and our motherboard vendors to provide these updates; once they are available, they will appear in this section with instructions on how to perform the update.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...