January 11, 2018 // 10:56 a.m.
Nvidia's share price is recovering from a dip caused by the Spectre speculative execution security vulnerability - an issue by which, ironically, the company's primary products are not troubled.
Following the early disclosure of the vulnerabilities now known as Meltdown and Spectre, which abuse performance-boosting speculative execution techniques in most modern central processors to gain access to otherwise-protected portions of kernel memory containing privileged information including passwords, Nvidia confirmed it was investigating the flaw. The release of a security bulletin for its GeForce Experience (GFE) software bundle on Tuesday, though, had the financial market in a spin when it looked like the company was patching its graphics products to protect against the vulnerability - an apparent admission that the issue extends beyond CPUs.
Following the subsequent dip in share price, Nvidia's Jensen Huang clarified matters: 'Our GPUs are immune. They’re not affected by these security issues,' Huang told attendees at a press briefing during the Consumer Electronics Show (CES) late last night. 'What we did is we released driver updates to patch the CPU security vulnerability. We are patching the CPU vulnerability the same way that Amazon, the same way that SAP, the same way that Microsoft et cetera are patching, because we have software as well. I am absolutely certain that our GPU [product range] is not affected.'
The confirmation that GPUs are not subject to the Spectre flaw, and that the GFE security bulletin was simply a release which follows researchers recommendations that individual software packages be recompiled with protections against exploitation through the CPU's vulnerability, has reassured investors: Nvidia's share price has recovered from its dip, closing 0.78 percent up for the day.
Nvidia's updated security bulletin for the Spectre vulnerability can be found on the company's official support portal. The company warns, however, that selected models in its Tegra Arm-based system-on-chip (SoC) family will require patching for the Spectre and Meltdown Variant 3a vulnerabilities.