Logo: Fujitsu and home icon
    Download trial version
    Fujitsu Logo

      Spectre and Meltdown are unlikely to exploit the operating system through PostgreSQL. However, the hardware patch can slow down performance. 

      The Meltdown and Spectre bugs are hardware vulnerabilities that affect Intel x86 microprocessors and some ARM-based microprocessors. The bugs exploit a race condition between memory access and privilege checks to allow a rogue process to read all memory regardless of its authorisation.

      They are not specifically a problem for FUJITSU Enterprise Postgres or PostgreSQL because FUJITSU Enterprise Postgres is fully compatible with PostgreSQL and does not differ from PostgreSQL in allowing operating system access. However, they are a problem for any vulnerable processors running an operating system that has not been patched for these bugs.

      Therefore operating system patches have been released to deal with the bugs.

      Implementing these operating system patches to protect against the bugs in the microprocessor design will result in a level of performance degradation in PostgreSQL, and FUJITSU Enterprise Postgres. These patches introduce a performance overhead that has been quoted as being between 5% and 30% however benchmarks seem to suggest around 7% but could be as high as 14% on a busy server.

      No security patches are planned by the PostgreSQL community.

      As stated above, the Spectre and Meltdown bugs exploit access to the operating system, which is not possible through PostgreSQL unless the user has super user access and utilises untrusted PL languages.

      Mirroring Controller white paper

      Call our experts at postgresql@fast.au.fujitsu.com if you would like to assess your database support arrangements or review our 24/7 PostgreSQL Support Plans.

      Topics: PostgreSQL, PostgreSQL 10, Spectre and Meltdown Bugs

      Receive our blog

      Receive notification of PostgreSQL-based articles for business and technical audiences.

      Search by topic

      see all >

      Read our latest blogs

      Read our most recent articles regarding all aspects of PostgreSQL and FUJITSU Enterprise Postgres.