
Spectre mitigations arrive in latest Nvidia GPU drivers

Graphics giant pushes out new drivers to mitigate Spectre issues on CPUs.

Graphics giant Nvidia has released a new set of drivers that contain some mitigations against the Spectre side-channel vulnerability.

In a short security bulletin, Nvidia said it had no reason to believe it was affected by the largely Intel-specific Meltdown, but it was updating its portfolio of drivers for GeForce, Quadro, NVS, Tesla, and Grid products to mitigate Spectre.

Updated drivers for GeForce, Quadro, and NVS are available now, with all Tesla and Grid drivers to be updated before the end of the month.

After this initial release, Nvidia said it would work with its partners on further mitigations.

"We believe our GPU hardware is immune to the reported security issue," Nvidia said. "As for our driver software, we are providing updates to help mitigate the CPU security issue."

Revealed last week by Google Project Zero, Meltdown and Spectre are the common names for a trio of vulnerabilities that need to be patched independently.

"All three attack variants can allow a process with normal user privileges to perform unauthorized reads of memory data, which may contain sensitive information such as passwords, cryptographic key material, etc," Google's initial notice said.

Researcher Jann Horn, who found the vulnerabilities, created a Spectre proof of concept that allowed arbitrary memory reads in a 4GiB range on an Intel Xeon E5-1650 v3 processor, and allowed kernel virtual memory to be read at 2,000 bytes per second after 4 seconds of startup time. Enabling the kernel's BPF JIT compiler permits the same attack to work on an AMD PRO A8-9600 R7.

As operating system and chip vendors have begun pushing out updates to fix Meltdown or mitigate Spectre, it has not been completely smooth sailing.

Earlier this week, a number of users with older AMD processors found they could not boot after installing Windows 10 patches from Microsoft.

Microsoft created a Windows registry key to indicate a user's anti-virus program is compatible with the Spectre patches, and if the key is missing, a system will not receive the appropriate updates.

"If you have not been offered the security update, you may be running incompatible antivirus software and you should follow up with your software vendor," Redmond said last week.

The company said it had found some anti-virus programs were making unsupported calls into Windows kernel memory that caused blue screening.

Linus Torvalds told ZDNet last week that performance hits due to the updates being pushed out will depend on workload.

"I think 5 percent for a load with a noticeable kernel component (eg, a database) is roughly in the right ballpark," the Linux creator said. "But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."

Updated at 4.38pm AEDT, January 12, 2018: Clarified impact of Spectre after Nvidia updated its security bulletin.