Spectre/meltdown on a GPU

First of all you would not normally expect kernel memory to be mapped in a GPU. Even if you did modern GPU's generally don't have much in the way of support for sharing memory between processes.

There have certainly been research papers on speculative execution inside of a GPU - Speculative Execution on GPU: An Exploratory Study; Liu, Eisenbeis, Gaudiot - but I don't believe it is actively done at a hardware level by any existing devices.

So whilst theoretically there is nothing to stop you building a GPU/OS setup that may allow it I doubt this is possible on any existing products.


A GPU (Graphical Processing Unit) is not vulnerable to spectre/meltdown attacks.

This is due to various reasons:

  1. A GPU is a completely differently designed processor.
  2. It does not run privileged code (e.g. kernel code).
  3. It does not run the OS.
  4. It is optimized for Vector calculations.
  5. Its micro code is build completely differently.
  6. It (most often) does not have protection for privileged code (like the execution rings on a CPU).
  7. It does not have access to the CPU's registers (directly), it does have DMA (Direct Memory Access) but so do a lot of other devices.
  8. There is only limited research on this done by security experts, so no one is sure if it's not vulnerable.
  9. As for having the same parts, those parts are either shared between many devices or nowhere similar in design. a GPU's memory or example is differently mapped than a CPU's memory (although they share an electrical standard).
  10. The DMA access should be limited to the current execution level, since the Graphics card is normally controlled by the Kernel, no user level application can directly access it. Or send code to it. (Drivers exist to facilitate user level access and to limit what they can do. As to maximize the usable features. And not blow the card up (by setting illegal settings for example).
  11. Code that can run on the GPU is highly limited in what it can execute (instruction set is limited) DMA is for example only allowed indirectly (first load it into the Graphics cards memory than access is granted and visa versa).

tldr; GPUs are not CPUs and are not designed to be multi-user / application. They have some protection against abuse but most of this is not yet tested by security experts.


Nvidia has released updates today (Jan 9 2018) dealing with the issues. So I would assume there are risks since they have created updates.

http://us.download.nvidia.com/Windows/390.65/390.65-win10-win8-win7-desktop-release-notes.pdf

Table 2.1 Security Updates for NVIDIA Software Vulnerabilities CVE ID NVIDIA Issue Number Description CVE-2017-5753 1975134 Computer systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. For more information on this issue, see the NVIDIA GPU security updates for speculative side channel Security Bulletin posted on the NVIDIA Product Security page

And specifically mentions GeForce in the aforementioned post http://nvidia.custhelp.com/app/answers/detail/a_id/4611

Affected Products

Product                | OS
GeForce, Quadro, NVS   | Windows, Linux, FreeBSD, Solaris
Tesla                  | Windows, Linux