Meltdown and Spectre FAQ

Are any Rambus customers currently exposed to these vulnerabilities?

As always, security is very important to Rambus and we are taking urgent action to address the Meltdown and Spectre vulnerabilities. Customers should expect upcoming maintenance window requests as we implement these urgent security patches to address critical vulnerabilities.

What is Rambus doing to protect customers?

Customer security is Rambus’ top priority, and Rambus utilizes industry best practices such as CIS Top 20 Controls in reducing the possibility of a security attack and breach.  These measures include security monitoring and continuous vulnerability management and remediation. Rambus has implemented multiple layers of security controls to protect customers from these attacks that requires an exploit to run locally on the target system.

Have these issues been exploited?

We are not aware of any exploits at Rambus.

Indications from our CPU provider suggest that the performance impact after the patches will not be significant.  Rambus agrees and does not expect meaningful performance impacts. Rambus monitors the solutions that we provide to our customers and if any performance impact is noted, we will address to ensure that we continue to meet reasonable and contractual requirements. Note that customers should expect upcoming maintenance window requests as we implement these urgent security patches to address critical vulnerabilities.

What are the next steps?

As operating system and other vendors (e.g., Microsoft, etc.) make patches available, the Rambus Customer Service Teams will be providing communications around specific scheduling and maintenance windows once we have validated such patches.