As many tech companies are working together to patch Spectre and Meltdown vulnerabilities, Nvidia joins the list of businesses to offer a patched update. Initially, only Intel, ARM and AMD were known to be affected by some of the latest exploits.
Now, Nvidia has quietly shown that its GPU drivers were potentially insecure as well.
Update: Nvidia has reached out to clarify that their GPUs are not impacted by Spectre. According to their updated notes, GPU hardware is immune to the reported security issues (Meltdown and Spectre) however their latest driver software release includes updates to help mitigate the CPU security issue.
Here's how Nvidia believes their products are affected (or not at all):
- Variant 1 (CVE-2017-5753): CPU mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations for affected CPUs.
- Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that NVIDIA software running on affected CPUs may require further updates. NVIDIA expects to work together with its ecosystem partners on this variant.
- Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that NVIDIA software is vulnerable to this variant when running on affected CPUs.
The original story follows below (with corrections):
Meltdown appears to have no effect on Quadro, NVS, GeForce, Tesla and GRID models. The second variant of Spectre could potentially affect graphics cards and is not fully patched yet but Nvidia is exploring options to enhance security. The first variant of Spectre is completely patched for GeForce, Quadro and NVS series. GRID and Tesla card owners will have to wait until the end of January to receive fixes.
There is no mention of whether the latest driver updates will affect performance. Given that updated UEFI firmware and Windows updates are causing reduced SSD performance and marginal slowdowns in other cases, it would be highly unlikely for new drivers to provide better performance.
It is advised to update to the latest Nvidia driver version available for your graphics card. For GeForce owners, version 390.12 on Linux or version 390.65 on Windows will provide the needed patches. No announcements have been made by AMD to disclose whether the RX and RX Vega series are affected as well.
On a more positive note, the latest driver updates also add ShadowPlay Highlights support for Fortnite in Battle Royale mode. SLI profiles were updated for DIRT 4, Total War: WARHAMMER II and X-Morph: Defense. Notifications for attachment or removal of eGPUs were also added.