Graphics giant Nvidia is in the news again, as it has released a new set of drivers that enlists some mitigation against the side-channel vulnerability.
Recently, Nvidia has also released a press statement to address that this new patch is meant only for disseminating the CPU security issues instead of the patch a non-existent security flaw in the company’s graphics cards. A Nvidia spokesperson also informed that “GPU hardware is immune to the reported security issue”.
After this initial release, Nvidia also regarded that it would work with its partners on further mitigations. Now, to look back, as revealed last week by Google Project Zero, Meltdown and Spectre are the common names for a trio of vulnerabilities that need to be patched independently.
Google’s initial notice also regarded that, “All three attack variants can allow a process with normal user privileges to perform unauthorized reads of memory data, which may contain sensitive information such as passwords, cryptographic key material, etc”.
Researcher Jann Horn, who actually found the vulnerabilities, created a Spectre proof that allowed for arbitrary memory reads in a 4GiB range on an Intel Xeon e5-1650 v3 processor and also allowed for kernel virtual memory to be read at 2,000 bytes per second after 4 seconds of startup time. Enabling the kernel’s BPF JIT compiler permits for the same attack to work on an AMD PRO A8-9600 R7.
Nvidia also noted that it wasn’t affected by Meltdown, which is more common into Intel’s processors, but that its GPUs were affected by the far more wide-ranging and problematic Spectre. The company also issued a security bulletin stating that it is providing an “initial security update to mitigate aspects” of the latter.
This notice is applicable to consumer GeForce graphics cards, as well as Nvidia’s heavyweight GPU products such as Quadro and Tesla.
The updated and patched version of drivers for GeForce graphics cards, as well as Quadro and NVS GPUs, running on Windows and Linux is available now. Users would have to install version 390.65 for Windows with Tesla and Grid driver updates to follow before January is out.