Meltdown and Spectre - Processor Speculative Execution Vulnerabilities (NI Linux Real-Time)


This article applies to NI Linux Real-Time-based controllers. For Windows-based systems, see here. VxWorks and PharLap based controllers are not impacted.

NI is aware of the side-channel analysis vulnerabilities described in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 known as Meltdown, Spectre, and Foreshadow, affecting many modern microprocessors. We are working with our silicon suppliers and OS vendors to ensure that our products include the appropriate mitigations. Presently, we are unaware of cases where these vulnerabilities have been used maliciously.


Further Information

The Meltdown and Spectre vulnerabilities are unspecific to any one vendor and take advantage of techniques commonly used in most modern processor architectures. This means a large range of products are affected. Mitigations could include updates to both OSs and firmware (BIOS).

NI recommends customers follow security best practices to protect against exploitation of vulnerabilities. These practices include adopting software updates, avoiding unrecognized hyperlinks and websites, not downloading files or applications from unknown sources, and following secure password policies. 

NI has observed some negative system performance impact from applying the mitigations. Generally, performance degradation is in line with reports from the industry. In some cases, the impact could be significant but is specific to the application. Due to the system performance impact, these mitigations may be disabled by default

NI Linux Real-Time distributions based on LabVIEW Real-Time 2019 and later (linux kernel 4.14+RT or later and firmware version 7.0 or later) ship with several security mitigations addressing the following CVEs:

  • CVE-2017-5715 (aka. Spectre v2) 
  • CVE-2017-5754 (aka. Meltdown) 
  • CVE-2018-3620, CVE-2018-3646 (aka. L1 Terminal Fault Attack) 
  • CVE-2018-3639 (aka. Spectre v4) 

Mitigation Guidance

Depending on the NI Linux Real-Time controller, you may need to perform one or more of the following steps.

  • Apply the BIOS update provided by NI for the controller. Refer to the "Affected Products" section below.
  • Upgrade to Firmware (safemode OS) version 7.0, format, and re-install software to the controller.
  • Enable the mitigations in the operating system.  

For more information on upgrading the firmware and enabling the mitigations in the OS, please refer to Enabling Security Mitigations for Meltdown and Spectre on NI Linux Real-Time Controllers.

Affected Products

NI Linux Real-Time (Intel x64) Controller List 

A BIOS update and a Firmware update is necessary to address Meltdown, Spectre Variant 1, 2 & 4, and Foreshadow (as of 6/1/2019).

Controllers BIOS Update
PXIe-8840 QC 2.1.3f0
PXIe-8861 Ships with BIOS mitigations
PXIe-8880 2.1.2f0
cDAQ-9132 1.3.1.f0
cDAQ-9133 1.3.1.f0
cDAQ-9134 1.3.1.f0
cDAQ-9135 1.3.1.f0
cDAQ-9136 1.3.1.f0
cDAQ-9137 1.3.1.f0
cRIO-9030 1.3.3f0
cRIO-9031 1.3.3f0
cRIO-9032 1.3.3f0 WiFi
cRIO-9033 1.3.3f0
cRIO-9034 1.3.3f0
cRIO-9035 1.3.3f0
cRIO-9035 (Sync) 1.3.3f0
cRIO-9036 1.3.3f0
cRIO-9037 1.3.3f0 WiFi
cRIO-9038 1.3.3f0
cRIO-9039 1.3.3f0
cRIO-9039 (Sync) 1.3.3f0
cRIO-9040 1.2.1f0
cRIO-9042 1.2.1f0
cRIO-9043 1.2.1f0
cRIO-9045 1.2.1f0
cRIO-9047 1.2.1f0
cRIO-9048 1.2.1f0
cRIO-9048 TPM 1.2.1f0 TPM
cRIO-9049 1.2.1f0
IC-3120 1.3.1f0
IC-3121 1.3.1f0
NI CVS-1458RT 1.3.0f0
NI CVS-1459RT 1.3.0f0
IC 3171 1.1.2f0
IC 3172 1.1.2f0
IC-3173 1.1.2f0
ISC-1780 1.10.035*
ISC-1781 1.10.035*
ISC-1782 1.10.035*
ISC-1783 1.10.035*

*To upgrade your ISC hardware to BIOS version 1.10.05 contact NI Technical Support at

CompactDAQ/CompactRIO/Vision/OEM Controller (NI Linux Real-Time ARM) List

A Firmware update to 7.0 for ARM-based controllers is necessary to address Spectre Variant 1 & 2 before enabling mitigations (As of 6/1/2019).

NI roboRIO
NI ELVIS RIO Control Module


For more information on the update process, refer to Upgrading Firmware on my NI Linux Real-Time Devices and Enabling Security Mitigations for Meltdown and Spectre on NI Linux Real-Time Controllers.

Was this information helpful?