Nvidia Updates Software But Denies Impact From Meltdown & Spectre

Nvidia claims that its graphic processing units (GPUs) are “immune” to the Meltdown and Spectre security flaws affected CPUs from Intel, ARM and AMD.

But nevertheless, the firm has issued a security update for its drivers to mitigate against any risks, because they interact with the potentially vulnerable CPUs.

The release comes amid a debate about the performance impact of the software fixes for Spectre and Meltdown. Intel has downplayed reports of a performance hit on patched systems, despite Microsoft benchmarks warning of a server and PC slowdown when the fixes are applied to some systems.

Nvidia Immune

“Nvidia is providing an initial security update to mitigate aspects of Google Project Zero’s January 3, 2018 publication of novel information disclosure attacks that combine CPU speculative execution with known side channels,” said Nvidia in its advisory.

“We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.”

Nvidia has provided updates to GeForce, Quadro, and NVS driver software, as well as its Tesla driver software, and its GRID driver software. These updates cover the drivers running on a range of platforms including Windows, Linux, Red Hat and VMware.

The updates come because many CPUs from AMD, ARM, and Intel, are said to be vulnerable to the flaws found by the Google Project Zero back in June last year.

When news of the flaws broke last week, the industry seemed to be caught off guard, despite the fact that they were going to publicly disclose the flaws on 9 January.

This week Intel CEO Brian Krzanich used his keynote address at the Consumer Electronics Show (CES) in Las Vegas to assure customers that fixes would be released within a week. The chip giant is currently facing at least three class-action lawsuits over the matter.

Apple has also released new fixes for its platforms.

Performance Slowdown

Despite this fixes, there seems to be an element of disagreement between Intel and Microsoft over the likely performance impact of the security updates.

Intel has previously said that any downgrade in performance wouldn’t be noticeable to most users.

But Microsoft has said that its benchmarks prove otherwise, and says the slowdown from the fix will be worse for older PCs.

 Loading ...

But even more concerning was Microsoft warning that Windows Server instances will have a “more significant performance impact,” especially if servers are I/O intensive.

Intel has responded with its third statement on the matter, and reiterated that the slowdown from the fix would not be significant for average computer users.

“Based on our most recent PC benchmarking, we continue to expect that the performance impact should not be significant for average computer users,” said Intel. “This means the typical home and business PC user should not see significant slowdowns in common tasks such as reading email, writing a document or accessing digital photos.”

“Based on our tests on SYSmark 2014 SE, a leading benchmark of PC performance, 8th Generation Core platforms with solid state storage will see a performance impact of 6 percent or less,” it stated.

However it is reported in various media outlets that some organisations such as Epic Games, have publicly complained about the Meltdown patches impacting performance. Epic is said to have blamed a slowdown of its online gaming platform on the patches.

Meltdown and Spectre affect just about every single processor made over the past 20 years, causing emergency fixes and mitigations to be released for Windows, Mac, iOS and Android. Chips made by ARM manufacturers and AMD are also impacted.

Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encryption keys or steal information from other applications.

Quiz: What do you know about Intel?