Meltdown, Spectre and Connext DDS

At the beginning of 2018, the computing world was witness to the publication of the Meltdown and Spectre vulnerabilities which affect a wide range of systems all over the world. Exploits of these vulnerabilities target specific behavior of the hardware (not the OS, nor program code) in order to read privileged information. For detailed information, please refer to website, the Google Project Zero blogpost, or consult the OS and chip vendors information on Meltdown and Spectre.


Meltdown (identified as CVE-2017-5754) highlights a vulnerability in how the processor makes use of speculative execution, out-of-order execution and memory caching. To exploit this vulnerability, an attacker must be able to execute code on the system. In doing so, an attacker may be able to read kernel memory.

It is important to note that exploiting Meltdown is not an attack to other (user-space) programs, such as Connext DDS-based applications. It is an attack on the system itself. Because of this, chip and OS vendors recommend to patch the operating system. For example, the Linux kernel patch implements the so-called KAISER / KPTI (Kernel Page Table Isolation) fix.

The performance impact from applying the patch depends on your application. In our testing, using the RTI Connext DDS Performance Test (PerfTest), we have observed a performance penalty of 2.5% up to 5% in latency and throughput.


Spectre refers to two vulnerabilities (identified as CVE-2017-5715 and CVE-2017-5753) in how the processor uses speculative execution, branch prediction and memory caching. When exploiting these vulnerabilities an attacker could read the memory address space of another process and therefore any sensitive information it may hold.

Unlike Meltdown, Spectre also impacts application execution code. Some compiler vendors are updating their compilers to harden software against future exploitation of Spectre, e.g., by employing a technique called retpoline. Contact RTI Support to inquire about platform support for specific compiler and compiler versions.