Security Bulletin: NVIDIA GPU Display Driver Security Updates for Speculative Side Channels

NVIDIA response to speculative execution with known side channels - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754
Bulletin Summary
NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels.

The vulnerability has three known variants:

  • Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
  • Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
  • Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.

https://nvidia.custhelp.com/app/answers/detail/a_id/4611

EDIT:

Drivers out now.

v390.65 WHQL

http://www.nvidia.com/Download/index.aspx
 
OK, it's great they have released a fix, but how is the GPU affected? Am I missing something?

A quick read doesn't explain to me how a normal user / gamer could have their GPU compromised to leak information, or is this targeted more at HPC GPU computing loads?
 
The bulletin states that the issue is present on ALL GeForce, Tesla, Quadro etc products and I assume this will probably include upcoming products too.

What I'd like to know is, will the green team still go ahead with the launch of a product they know to be flawed, as Intel have done?

Is it too late to rework their next-gen series or will they just wait until the dust settles, hope everyone forgets about the problems and sell a broken product anyway?
 
This isn't a product flaw; it's adding extra resilience against potential vectors for attack. The same will be true of any GPU that processes certain data in the same way. The flaw is with the Intel hardware, not the GPU, and a little weakness in the driver software that might allow it to be exploited as another avenue towards using these CPU vulnerabilities, but that couldn't be known before this came to light.
 
Well, it seems NVIDIA are affected by variant 2 and possibly variant 1. Variant 2 being on a driver level, so that's easily fixed, surely?
Variant one is a maybe, but they seem to be working together with appropriate parties to mitigate the risk. And variant 3 they are not at risk from.

As long as the updated driver doesn't affect GPU performance, I'm okay.

I wonder if AMD's GPU driver may have a similar issue?
 
Pretty much any chip that pre-emptively carries out instructions based on what it thinks might happen next could be affected. It depends on whether they secured the memory or not.
 