Will the Spectre mitigations introduced in 384.111 and 390.12 be backported to the 340 branch?
I certainly hope so, since http://nvidia.custhelp.com/app/answers/detail/a_id/3142 (“Support timeframes for Unix legacy GPU releases”, Updated 03/27/2014 11:22 AM) says:
“The Linux 340.* legacy driver series is the last to support the G8x, G9x, and GT2xx GPUs, and motherboard chipsets based on them. Support for new Linux kernels and X servers, as well as fixes for critical bugs, will be included in 340.* legacy releases through the end of 2019.”
So almost two years of support left on the 340 branch…?
As of a few hours ago the 340 driver caused an interesting error while installing on Ubuntu 16.04-hwe kernels. As in, failed to build the module. There should be an Ubuntu bug report on it somewhere… or several dozen of those…
9 days past the planned disclosure date, still no response regarding this critical security vulnerability. Seems that “support” for this branch is bullshit.
The vulnerability is in the CPU and not the GPU. The GPU itself is not vulnerable. So if you have the most recent kernel from the 4.4, 4.9 or 4.14 branch, you are already protected. That’s probably what you should be concentrating on updating.
The mainline nvidia drivers (384/390) were only patched to not exploit the CPU vulnerability. WebKit was patched as well. This is basically just an additional step for people who could not get updated kernels.
Installing the latest microcode or firmware for your CPU is also a must in this case since it should theoretically solve this issue altogether.
In short, if you are running a patched kernel and up-to-date microcode, you should already be fully protected, and software including nvidia drivers only needs to be patched to play well with the new kernel behavior. According to this link, they already are.
I hope that explained it a bit.
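Added example, not part of any post in this thread: a shell check of what the running kernel itself reports for Meltdown and Spectre, plus the loaded microcode revision, which is the state the last reply says to concentrate on. It assumes the kernel exposes the sysfs directory /sys/devices/system/cpu/vulnerabilities and an x86 /proc/cpuinfo; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the kernel's own view of Meltdown/Spectre mitigation state.
# Assumption: the running kernel provides this sysfs directory.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE -> prints ok, vulnerable or unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_mitigations [DIR] -> one line per issue; returns 0 only if every entry is ok,
# 1 if any entry is vulnerable or unreadable, 2 if the directory does not exist.
check_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel has no reporting interface, treat as unpatched"
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            line=$(head -n 1 "$dir/$name")
        else
            line="(file missing)"
        fi
        verdict=$(classify_status "$line")
        printf '%-11s %-10s %s\n' "$name" "$verdict" "$line"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# microcode_revision [CPUINFO] -> prints the first "microcode" value (x86 only)
microcode_revision() {
    awk -F': *' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Run against the live host with: sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "microcode: $(microcode_revision)"
    check_mitigations
fi
```

A non-zero exit from `check_mitigations` means the kernel, not the GPU driver, is the component that still needs updating.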