NVIDIA Video Cards and Shield Devices To Get Security Updates For Speculative Side Channels
NVIDIA has published security bulletins about the attacks that combine CPU speculative execution with known side channels. NVIDIA has hardly had their name mentioned at all in this latest chip debacle, but it looks like they’ll be releasing updates for some products.
- Variant 1 (CVE-2017-5753): Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- Variant 2 (CVE-2017-5715): Computer systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- Variant 3 (CVE-2017-5754): Computer systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
The vulnerability has three known variants and it looks like NVIDIA graphics cards, the Shield TV and the Shield tablet are vulnerable to the first two. None of the devices appear to be impacted by the third. If you happen to own an NVIDIA GeForce, Quadro, NVS and Tesla graphics solution you’ll be able to patch this ‘bug’ with a simple driver update on both Windows and Linux machines. That driver fix is expected to release the week of January 8, 2018.
NVIDIA doesnt know of any exploits to these issues at this time.