Last week, Nvidia ran into some problems with the recently revealed "Meltdown" and "Spectre" bugs. When the manufacturer announced that it would be releasing a new patch to address the memory-related vulnerabilities, some outlets misinterpreted the statement as an indirect admission that perhaps, even its GPU might be vulnerable.
For those who might be wondering what Spectre and Meltdown are, here’s a brief explanation:
Just days after the explosive New Year celebration, the entire computing world received an even more explosive revelation—everyone’s been sitting on top of a security flaw that has existed for more than two decades.
On January 3, Meltdown and Spectre, two security vulnerabilities present in every computer, tablet and even smartphones since 1995, were finally revealed to the world. Before you go ahead and unplugged all your computing devices, just take a deep breath and relax; everything is being taken care of. Patches are being deployed and the vulnerabilities should soon become a thing of the past.
If you have to blame someone, blame it on our need to have our computers run faster. In 1995, manufacturers developed the idea of executing certain computer processes ahead of time, even before users inputted their choice. This process was termed "speculative execution." For example, if you frequently visit a particular website that requires login credentials, your computer would guess that you would want to enter your password and begin loading the necessary files. This, of course, boosts computing speed as your PC will be correct about your intentions most of the time. The problem starts when the user inputs a choice different from what the computer had predicted. The computer then has to throw away the useless data into the cache memory.
This would not have been a problem back in those days when PCs were usually stand-alone. These days, however, everything is connected and, with this interconnectivity, researchers were actually able to prove that someone connected to the system could actually take a peak at the contents of those rejected data. While it may not necessarily contain sensitive information, there is that chance that it may indeed contain personal data like credit card numbers.
In response to the security vulnerabilities, Nvidia decided to update the driver software of its GPUs. However, Nvidia’s move was misunderstood and some even took it as an admission that even its GPUs could be vulnerable as well.
To address the misconceptions about its products, Nvidia CEO Jensen Huang clarified the company’s position during the Q & A portion at a press conference on Wednesday. “Our GPUs are immune, they’re not affected by these security issues,” Huang asserts. “What we did is we released driver updates to patch the CPU security vulnerability.”
As Huang explains it, the patches are basically similar in nature to the patches provided by other tech companies and not an indication that its hardware is particularly vulnerable. “We are patching the CPU vulnerability the same way that Amazon, the same way that SAP, the same way that Microsoft, etc is patching because we have software as well,” he said.
Summing it up, Huang declared, “I am absolutely certain that our GPU is not affected.”
Just what level of threat do those vulnerabilities expose regular users of the internet? According to UPROXX, the general public should not be too worried about it. For starters, those vulnerabilities are very hard to exploit. In addition, there is really no indication that there were security issues that resulted in any exploitation. When you come to think of it, it even took those experts more than two decades to realize that the flaws existed.
Everything should be fine as long as you run the fixes being prepared by various tech companies.