Nvidia assured its customers that its graphics processing hardware units were completely safe from the dangers brought by the Spectre security flaw.
2018 started with the haunting discovery of the Meltdown and Spectre vulnerabilities that affect almost every chip -- even those manufactured and released a couple of decades ago -- used by computers worldwide.
A few days ago, Nvidia posted a security bulletin that identified three variants of security issues. This post was reportedly "misinterpreted" by some outlets and prompted the company to hold a press conference to clarify that its hardware products were in no way affected by the Meltdown or Spectre flaws.
It is important to note that both Meltdown and Spectre have been identified as vulnerabilities on CPU chips, and how they work are actually hinted by at their names.
In a well-functioning computer, if one program is compromised, it does not necessarily mean that other running programs are automatically affected. This was made possible through the CPU's capacity to isolate security issues or build boundaries among different programs. However, Meltdown "melts" these security walls.
On the other hand, Spectre is a more aggressive CPU bug but remains related to Meltdown. If the latter can bypass program boundaries to contain a security bug, Spectre has the capacity to break that isolation between different programs. Attackers can then exploit the CPU's "speculative execution" process to spread the security issue and later control a supposedly secured program.
Nvidia echoed this in their security bulletin and explained that it would ultimately permit an attacker to access sensitive information on any unpatched computer and operating system.
However, Nvidia maintained that Spectre and Meltdown only affects the driver software and not the GPU itself. The company has since released a number of security patches for the driver software of their products GeForce, Quadro, NVS, Tesla, and GRID.
"What we did is we released driver updates to patch the CPU security vulnerability. We are patching the CPU vulnerability the same way that Amazon , the same way that SAP, the same way that Microsoft, etc are patching, because we have software as well," Nvidia CEO Jensen Huang explained.