Following the Google Project Zero publication which highlighted the Spectre and Meltdown vulnerabilities in CPUs, several major tech companies, including Google, Microsoft, Apple, Intel, and Mozilla, have come forward to acknowledge the presence of the vulnerabilities and issue appropriate patches for the same. In a recent security bulletin on NVIDIA’s support website, the company has confirmed that the Spectre and Meltdown vulnerabilities have also been discovered in its products.
NVIDIA has highlighted three known variants of the of the vulnerabilities, referred to as CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. Regarding the vulnerabilities, the company states:
- Variant 1 (CVE-2017-5753): “Mitigations are provided with the security update included in this bulletin. NVIDIA expects to work together with its ecosystem partners on future updates to further strengthen mitigations.”
- Variant 2 (CVE-2017-5715): “NVIDIA’s initial analysis indicates that the NVIDIA GPU Display Driver is potentially affected by this variant. NVIDIA expects to work together with its ecosystem partners on future updates for this variant.”
- Variant 3 (CVE-2017-5754): “At this time, NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this variant.”
In order to patch the vulnerabilities, NVIDIA has provided mitigations in form of a security update and expects to work with its ecosystem partners on future updates to “further strengthen mitigations”.
With the upcoming patches, NVIDIA’s Android-based Shield tablet should be upgraded to Shield Experience 5.4, which is expected to arrive by the end of this month. Updates for the Shield TV will come with the Shield Experience 6.3 package within the same time frame.
In order to apply the patches, users will also have to upgrade to the latest driver branch. To check the driver branch, you will need to:
- Launch Windows Device Manager
- Select Display Adapters
- Select the NVIDIA GPU node and right-click
- Go to the Driver tab
The company has also listed the following example to help users decipher the driver version: 10.18.13.6472 is 364.72 and 10.18.13.472 is 304.72, so you can identify exactly which version you are on.
