Become a fan of Slashdot on Facebook


Forgot your password?

NVIDIA GPUs Weren't Immune To Spectre Security Flaws Either ( 139

Nvidia has became the latest chipmaker to release software patches for the Spectre microchip security threat, indicating that the chipset flaw was affecting graphic processors as well as CPUs. From a report: To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second. Most of the updates are available now, although Tesla and GRID users will have to wait until late January.
This discussion has been archived. No new comments can be posted.

NVIDIA GPUs Weren't Immune To Spectre Security Flaws Either

Comments Filter:
  • Wow (Score:5, Funny)

    by 110010001000 ( 697113 ) on Wednesday January 10, 2018 @11:28AM (#55900729) Homepage Journal
    The current generation of computers are going to be even slower than the last generation. Nice job all around!
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Since all CPUs since 1995 are affected they're not, because that generation is slower now as well if you're running the latest updates.

    • by antdude ( 79039 )

      Slower than Pentiums?

  • by drinkypoo ( 153816 ) <> on Wednesday January 10, 2018 @11:28AM (#55900731) Homepage Journal

    If this is another thing that AMD got right while the competition got it wrong, they're really going to come out looking like the only responsible parties.

    • AMD is also not immude to Spectre... only Meltdown!
      • by Luthair ( 847766 )
        Actually they were only shown to have issues with one variant of spectre.
        • by Anonymous Coward

          A variant that requires physical access to the hardware no less.

    • by RedK ( 112790 )

      What about AMD ? They are vulnerable to Spectre too. What did they get right in this case exactly ?

    • Has AMD (ATI) video cards do some speculative execution, Spectre is most probably also a problem for them.

      From there, there is some possibilities:
      - They tried to let it go under the rug by not talking about it for their video card products
      - They are still in the process of working around
      - They don't think that problem is a problem for video card workload (non sensitive)
      - They are greedy and won't lose money working on it
      - They don't have the problem
      - They are incompetent

      Pick your best guess

      • by Luthair ( 847766 )
        I assume this is tied to either the virtual GPU work or some sort of shared compute, maybe AMD hasn't advanced as far nvidia in architecting in this area?
        • AMD is offers fuller preemptive multitasking. If anything, their hardware is more advanced than NVIDIA's for general compute. (NVIDIA has added some very nice hardware for deep learning though.)

          AMD's bigger problem is that NVIDIA did a very good job of promoting CUDA and related proprietary tools. NVIDIA has a huge headstart in putting tools for programming their GPUs in front of developers. Honestly, they've always been better at software and industry partnership than AMD.

      • Missing option: "most of the above". "most" because "They don't have a problem" is N/A.

      • by mikael ( 484 )

        If you look at some of the papers on GPU architecture research, they are eliminating the out-of-order and speculation execution of instructions as well. They were doing so since 2011.

  • by Anonymous Coward on Wednesday January 10, 2018 @11:43AM (#55900835)

    NVIDIA GPUs do not do speculative execution. They do not have access to kernel memory. They are not susceptible to these flaws. These are patches in their drivers to account for CPU (not GPU) exploits. I.E. Intel and AMD flaws. I bet NVIDIA releases a clarification soon.

    • They do not have access to kernel memory.

      Spectre has nothing to do with kernel memory. You're confusing the Spectre flaw with the Meltdown flaw.

      • And the code running on a GPU has no access to main memory ...

        • No, but the code running on a GPU memory has access to video memory, which means Spectre style flaws could be exploited to expose sensitive data stored in video memory that the code would not normally have access to.

        • This is not entirely accurate. You have unified memory access in CUDA, and it's been that way for years. The CUDA driver has system-level privileges.

          A quick google turned up this NVIDIA blog post []. You can dig into the details on CUDA Zone if you're really curious.

          Unified memory is also supported in DirectX 12 [] if the underlying hardware supports it.

          In both cases, the driver shuffles data transparently. There are already a lot of attacks that rely on manipulative accesses of memory/cache to ensure that data i

  • Wonder what impact this will have on cryptocurrency markets. Regardless of actual slowdown in mining, it is the perception that will probably matter...

    • My guess is none.
      The patches only make sense if the computers running the hardware do hold sensitive information. Cryptomining drone systems generally don't; furthermore they are generally isolated from the Internet.

      • Perhaps.

        My thought was more along of the line of the perceived impact in the overhead of a patch that for a CPU is going to drop instruction processing by between 5% and 20%. If the BitCoiners think that mining rates would suffer the same amount of throttling (decreasing supply) if it will impact the market.

        Note, though, I am referring to perception more than actual mining rate changes.

        • CPUs have very, very, very little impact in GPU mining. As in "insignificant".

          • Ya. But - how will the market see this thing?

            Technically, yep. Agree completely. Just pondering the difference between technical reality and perception, and how it impacts things :-)

      • Can't mine without an Internet connection..

        • As a standalone miner, you can't.
          In mining datacenter, you cave a local pool which is controlled by a PC connected to the Internet, and miners connect to the local pool without being connected to the Internet themselves.

          • Didn't think of that, But I personally don't call that isolated if the network is connecting to a box with internet access. There is always a way in, Finding it is the hard part.

  • by DontBeAMoran ( 4843879 ) on Wednesday January 10, 2018 @11:59AM (#55900967)

    Oh noes! The bad guys will access my game textures!

  • NVIDIA’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.

  • by Nemyst ( 1383049 ) on Wednesday January 10, 2018 @12:37PM (#55901279) Homepage
    Holy shit this is bad reporting. Nowhere on the Nvidia page does it say that GPUs are actually affected by Spectre or Meltdown. It's in fact impossible since GPUs don't perform speculative execution. On top of that, GPUs don't run kernel code (so cannot leak it), don't run an OS, have a completely different architecture to begin with and so on.

    So what's this announcement about? It's a driver update to mitigate Spectre/Meltdown which could potentially affect the driver's CPU code. This has also been confirmed by Nvidia [] many days ago.

    Shameful reporting by Engadget, not that I'm surprised considering they barely qualify as "tech" reporting.
    • by tlhIngan ( 30335 )

      On top of that, GPUs don't run kernel code (so cannot leak it)

      No, GPUs have access to kernel memory and can leak that. I don't care about the GPU memory contents. But the GPU has access, because of its design, to the OS kernel's memory, and potentially it has write access to that memory.

      (The GPU drivers generally reside in the kernel, and for fast efficient transfers of data, the system may map the entire system RAM into PCIe memory space so the GPU can rapidly access all the buffers - the command buffers f

    • by sl3xd ( 111641 )

      On top of that, GPUs don't run kernel code (so cannot leak it),

      It's entirely different from saying it's a problem with the GPU, but: There is the much-maligned NVIDIA kernel module which does interact with the GPU.

      It's not far-fetched to say that there may be Meltdown/Spectre related patches -- though it's far more reasonable to say that any fixes would be a mitigation between the kernel module/driver and the CPU.

  • by Anonymous Coward

    Even if the Nvidia chips are exposed, why would anyone attack a GPU that has no access to any personal information? GPU's store pixel data and other display data not personal data. I guess for myself I would be more concerned about Intel's and AMD's new chip combinations that at least implies a closer connection between the two. Not suggestion a current security threat, but certainly might be a potential target if a flaw were to exist.

  • These flaws having been introduced so widely and having existed for so long is a side effect of petal to the metal semiconductor advancement. I can only suspect other flaws will be found in time. If this forces an extra layer of thoughtfulness to a technology that stands as the centerpiece of modern civilization and represents (at least to me) the greatest technological realization of the modern scientific age (arguable) then things can only be that much better moving forward. Dye fabrication size is alread

To write good code is a worthy challenge, and a source of civilized delight. -- stolen and paraphrased from William Safire