Jan. 10, 2018 — NVIDIA has updated its GPU drivers to protect against the security flaw known as Spectre. The flaw has left massive numbers of CPUs potentially susceptible to intrusion and data theft, and NVIDIA’s patch indicates that certain GPUs may also be vulnerable.
NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels.
The vulnerability has three known variants:
- Variant 1 (CVE-2017-5753): Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.
- Variant 2 (CVE-2017-5715): NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.
- Variant 3 (CVE-2017-5754): At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.
Most (but not all) of the patches are available today through the NVIDIA website. For updates and additional information, actively monitor the NVIDIA Product Security page.