NVIDIA races to patch GPU Drivers for Spectre and Meltdown

Print Friendly, PDF & Email

Editor’s note: NVIDIA has since amended their security bulletin with this statement: “We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.”

A new security bulletin from NVIDIA reveals that its GPU drivers are not immune to the Spectre and Meltdown exploits that affect nearly every modern CPU. This is bad news for HPC, where the company’s Tesla GPUs are widely deployed to accelerate applications.

NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels.

The vulnerability has three known variants:

  • Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
  • Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
  • Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.

The security bulletin includes links to updated GPU drivers for Windows and Linux.

At this time, it appears that GeForce, Quadro, NVS, Tesla and GRID chips are safe from Meltdown (Variant 3), but are definitely susceptible to at least one version of Spectre (Variant 1) and “potentially affected” by the other (Variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second. Most of the updates are available now, although Tesla and GRID users will have to wait until late January.

NVIDIA has not said whether patched drivers will affect performance. For updates and additional information, actively monitor the NVIDIA Product Security page.

Sign up for our insideHPC Newsletter

Comments

  1. Anonymous Coward says

    GPUs don’t have branch predictors and don’t do speculative execution, so it’s likely that those driver updates introduce mitigations on the kernel side of the driver, rather than addressing an architectural problem within the GPUs themselves.
    But of course, only NVIDIA would know.

  2. Anonymous Coward says

    https://www.marketwatch.com/story/nvidia-ceo-disputes-reports-that-gpus-are-susceptible-to-spectre-vulnerability-2018-01-10
    “NVIDIA races to patch GPU Drivers for Spectre and Meltdown”, not quite, looks like…

    • After we published our story, NVIDIA added the following statement to their security bulletin: “We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.”

      We stand by our story and our headline, as they are still working to patch their GPU drivers.