Nvidia patch release adds to scope of Spectre worriesReprints
(Reuters) — Graphics specialist Nvidia Corp. was the latest chipmaker to say its equipment was vulnerable to the Spectre security threat, broadening the scope of concern for millions of computers beyond their central processors.
Spectre is one of two chipset flaws, the other dubbed Meltdown, revealed by researchers last week that offer hackers opportunities to steal sensitive information from laptops, desktop computers, smartphones, tablets and internet servers.
Advanced Micro Devices Inc., ARM Holdings and now Nvidia have reported being exposed to the Spectre flaw, while Intel Corp. has been hit by both.
Nvidia, the world's leading maker of graphics chip processors, or GPUs, said in a blogpost it is releasing software security patches that affected chipsets included GeForce, Tesla, Grid, NVS and Quadro.
"NVIDIA has no reason to believe that the NVIDIA GPU Display Driver is vulnerable to this (third) variant," Nvidia said, referring to Meltdown. A display driver is an integrated circuit that acts as an interface between Nvidia chips and a screen.
While the full extent of affected systems is not yet fully known, Cisco Systems Inc. has said it has identified 18 vulnerable products and is looking for problems in nearly 30 other products, including switches and routers.
Releases to date from chipmakers have concerned central processing units, or CPUs, rather than graphics processors.
Affected companies, keen to quash any speculation that the flaws could require the replacement of millions of chips or provoke lawsuits caused by slowing computer performance, have been striving to play down the scale of the threat.
Intel and AMD have not disclosed the number of chips affected by the security flaws, and AMD has said its products were at "zero risk" from Meltdown. ARM says that around 5% of more than 120 billion chips shipped since 1991 were impacted by Spectre and significantly fewer by Meltdown.
Meltdown could let hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords. Spectre potentially allows hackers to trick otherwise error-free applications into giving up secret information.
GeForce, Nvidia's core line of GPUs, is aimed at consumer markets and includes gaming chips.
The Quadro chipsets are used for commercial workstations, while Tesla powers datacenters and is used for artificial intelligence processing such as that used in self-driving cars.
"It's not shocking to see this given the widespread nature of the chip vulnerabilities ... This situation will test its brand and reputation although we see minimal financial ramifications to the company," Daniel Ives, research analyst at GBH Insights, said about Nvidia.
Nvidia shares were down 1.3% at $219.09 in early trading on Wednesday. Intel shares were little changed, while AMD, believed to be able to benefit from its rivals' issues, were up 1.7%.
Chipmakers and operating system vendors have been pushing out patches to fix the flaws, but the software updates have also raised a host of new concerns.
Microsoft Corp. said Tuesday its software patches slowed down some PCs and servers, with systems running on older Intel processors seeing a noticeable decrease in performance, and added that security updates froze some computers using chipsets from AMD.