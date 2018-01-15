Nvidia updates graphics drivers for Spectre CPU attacks

The Game Ready driver released by Nvidia for its GeForce graphics cards ostensibly added new features announced at CES, such as Nvidia FreeStyle filters, Ansel screenshot improvements, and ShadowPlay Highlights for Fortnite, Crossout, and Elex. However, it quietly held another purpose, too—protecting data from hackers, and specifically against the devastating Spectre attack.

Like its sister flaw, Meltdown, Spectre exploits how computer processors handle a task called “speculative execution” to gain access to sensitive data stored in your operating system’s protected kernel. But while Meltdown could be resolved by operating system patches, Spectre is harder to smack down, requiring individual software vendors to update potentially vulnerable applications. Nvidia discovered its GPU display driver software can fall prey to the Spectre CPU exploit—unsurprising, given how deeply graphics card software digs into your operating system kernel—and is pushing these updates to strengthen against it.

To be clear, Nvidia graphics hardware is not vulnerable to Meltdown or Spectre. This is a software patch to help protect against exploits against CPUs from Intel, AMD, and ARM.

These new drivers include initial mitigations against one of two known Spectre variants, CVE-2017-5753. As far as the second Spectre flaw, “Nvidia’s initial analysis indicates that the Nvidia GPU Display Driver is potentially affected by this variant,” the company says. “Nvidia expects to work together with its ecosystem partners on future updates for this variant.”

Consumer graphics cards aren’t the only hardware being patched to fight Spectre. Nvidia’s GeForce, Quadro, NVS, and Tesla cards on the R384 driver branch have fixes available now. Updated drivers for GRID users and Tesla card on the R390 branch will become available later this month.

Nvidia has not said if the driver updates will affect performance, nor have we had time to test at time of writing. These initial fixes may not move the needle much, though. In a detailed breakdown of how Spectre fixes can slow down older PCs, Microsoft said that the mitigations for the first Spectre exploit—the one Nvidia’s new drivers protect against—have “minimal performance impact.” But strengthening Windows and CPU firmware against the second Spectre flaw slows down performance. Nvidia’s future software patches might not suffer the same fate; we will need to keep an eye on the situation as new fixes become available.

Users should update to Nvidia’s new drivers as soon as possible regardless, and make sure antivirus suites are running strong.

