Nvidia's latest drivers help to mitigate CPU flaws, but GPU hardware is not vulnerable

By Greg S · 18 replies
Jan 10, 2018
  1. As many tech companies are working together to patch Spectre and Meltdown vulnerabilities, Nvidia joins the list of businesses to offer a patched update. Initially, only Intel, ARM and AMD were known to be affected by some of the latest exploits. Now, Nvidia has quietly shown that its GPU drivers were potentially insecure as well.

    Update: Nvidia has reached out to clarify that their GPUs are not impacted by Spectre. According to their updated notes, GPU hardware is immune to the reported security issues (Meltdown and Spectre); however, their latest driver software release includes updates to help mitigate the CPU security issue.

    Here's how Nvidia believes their products are affected (or not at all):

    • Variant 1 (CVE-2017-5753): CPU mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations for affected CPUs.
    • Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that NVIDIA software running on affected CPUs may require further updates. NVIDIA expects to work together with its ecosystem partners on this variant.
    • Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that NVIDIA software is vulnerable to this variant when running on affected CPUs.

    Meltdown appears to have no effect on Quadro, NVS, GeForce, Tesla and GRID models. The second variant of Spectre could potentially affect graphics cards and is not fully patched yet, but Nvidia is exploring options to enhance security. The first variant of Spectre is completely patched for GeForce, Quadro and NVS series. GRID and Tesla card owners will have to wait until the end of January to receive fixes.

    There is no mention of whether the latest driver updates will affect performance. Given that updated UEFI firmware and Windows updates are causing reduced SSD performance and marginal slowdowns in other cases, it would be highly unlikely for new drivers to provide better performance.

    It is advised to update to the latest Nvidia driver version available for your graphics card. For GeForce owners, version 390.12 on Linux or version 390.65 on Windows will provide the needed patches. No announcements have been made by AMD to disclose whether the RX and RX Vega series are affected as well.

    On a more positive note, the latest driver updates also add ShadowPlay Highlights support for Fortnite in Battle Royale mode. SLI profiles were updated for DIRT 4, Total War: WARHAMMER II and X-Morph: Defense. Notifications for attachment or removal of eGPUs were also added.


     
  2. Nobina

    Nobina TS Evangelist Posts: 1,452   +928

    I got ****ed by Intel now by Nvidia too? :(
     
    Charles Olson likes this.
  3. stewi0001

    stewi0001 TS Evangelist Posts: 1,844   +1,238

    You already were by their prices. ;)
     
  4. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,182   +732

    The current driver has a patch in it...
     
  5. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,182   +732

    Thanks to mining, but you knew that.
     
    stewi0001 likes this.
  6. ZackL04

    ZackL04 TS Maniac Posts: 341   +156

    People make conscious decisions to buy the best at their price levels; it just happens that lately Intel and Nvidia occupy those slots. It also has to do with mining killing AMD GPU price for performance. The 470 and 480 were king for a while when companies were nearly giving them away with rebates this time last year.
     
  7. Kotters

    Kotters TS Maniac Posts: 311   +210

    Mining didn't create the Founder's Edition.
     
  8. Nobina

    Nobina TS Evangelist Posts: 1,452   +928

    Their prices were good when I bought them, the cheapest hardware I found that would suit my needs.
     
  9. FreeBetaTester

    FreeBetaTester TS Enthusiast Posts: 66   +23

    Can someone explain to me just what sort of applications that run on a GPU could remotely have security implications? Seriously, why should I care to slow down my GPU for security reasons that are applicable to, say, rendering frames at higher FPS for Overwatch, Destiny 2, Rocket League, GTA5, etc.? It is not like the GPU is just going to run any old JavaScript downloaded from a suspicious website and go snooping for my banking password in the video card memory (think GDDR5/HBM/GDDR5X etc.) on the GPU.

    BTW, if JavaScript (or any of its evil variants, clones, alternatives), generic execution of code downloaded from remote unsafe sites, did not exist or was never allowed to become a thing, the Spectre attacks would never have gotten off the ground. Spectre is a thing now because JavaScript provides the vector and insertion point/point of entry for remote malicious code to run and subsequently search a process's private memory space.
     
  10. Burty117

    Burty117 TechSpot Chancellor Posts: 3,264   +1,027

    The story here is a little misleading. The GPUs themselves are not affected at all, but Nvidia has found a flaw in their driver that could potentially be used for a Variant 2 attack. The latest drivers already fix the vulnerability, so nothing to worry about to be honest, just update your drivers.
     
    Fluffmeister likes this.
  11. Julio Franco

    Julio Franco TechSpot Editor Posts: 7,781   +1,056

    Update: Nvidia has reached out to clarify that their GPUs are not impacted by Spectre. According to their updated notes, GPU hardware is immune to the reported security issues (Meltdown and Spectre); however, their latest driver software release includes updates to help mitigate the CPU security issue.

    More details on the updated story.
     
  12. Fluffmeister

    Fluffmeister TS Enthusiast Posts: 27   +16

    Or the Frontier Edition (at least initially :p)

    https://pro.radeon.com/en/product/radeon-vega-frontier-edition/

    But credit to Nvidia for helping protect their customers from those dodgy CPU companies.
     
  13. Jules Mark

    Jules Mark TS Rookie Posts: 21   +7

    We will see if Huang tries to sell his NVDA shares in the coming months. I suspect some nVidia chips with ARM core are susceptible to vulnerabilities.

    FYI. At the 34C3 event (the 34th Chaos Communication Progress) in Leipzig, Germany,
    Team Xecuter doubled down by teasing a “definitive hack solution” (for Nintendo Switch) that would work with ANY firmware and, according to them, could NEVER be fixed via software updates by Nintendo.
     
  14. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,182   +732

    What were the MSRP's of those FE's again....?
    And who said you had to buy them?

    You're reaching like you're sinking in quicksand, man. ;)
     
  15. jobeard

    jobeard TS Ambassador Posts: 11,791   +1,251

    Contradictory news on NVIDIA GPUs:
    • WindowsCentral.com says: NVIDIA has issued new GPU drivers to guard against the recently disclosed Spectre processor exploit. NVIDIA has released an update (via Reuters) for its GPU driver software to mitigate attacks based on speculative side channel execution, shoring up its software against the Spectre exploit that has rocked chipmakers like Intel, AMD, and ARM since its disclosure last week.
    • PCgamer.com says: Variants 1 and 2 are both Spectre, while Variant 3 is Meltdown (check out our FAQ on the subject for a rundown of both). Nvidia's 390.65 driver update includes a fix for Variant 1.
    • Techcrunch.com says: Nvidia also updated its security bulletin to make clear that its own hardware products are not affected by the disclosed vulnerabilities, to the best of their knowledge right now.
    Nvidia.com is silent on the subject
     
    Last edited: Jan 11, 2018
  16. Kotters

    Kotters TS Maniac Posts: 311   +210

    You're forgetting history. The FE launched at significantly higher than MSRP, and thus, so did the board partner cards.

    But don't let that stop you.
     
  17. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,182   +732

    1. That isn't nVIDIA's fault. It never is.
    2. History? Um.. how long ago was that?
    3. For the millionth time, no one forced ANYONE to buy FE cards. In fact, regardless of price, only impatient or people looking to use water blocks buy reference cards.
    4. Thanks for playing!
     
    Last edited: Jan 11, 2018
  18. Kotters

    Kotters TS Maniac Posts: 311   +210

    ...It is nVidia's fault. The reference card is launching at a significantly higher price than MSRP? Really? Why would you ever launch an MSRP card, then?

    Or rather, why would you announce an MSRP, and then ensure that there would not be any card available at MSRP?

    Also, lists make you sound like a 12 year old writing a "clever" book report, not a game show host.
     
  19. hahahanoobs

    hahahanoobs TS Evangelist Posts: 2,182   +732

    My list is far less offensive than your knowledge of how the market works.
     
