ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

[thx-1138]

For the most part at least, i personally consider the whole thing more or less 'resolved'...at least for relatively newer processors.
Intel said patches are coming for processors made in the last 5 years by the end of the next week, so expect bios updates from your vendor anytime soon. Possibly maybe some microcode package update as well, who knows...
The kernel is being patched, firefox & chrome as well, so that was it me thinks. What remains to be seen is what the performance hit will actually be in daily scenarios...

[xenopeek]

What remains to be seen is what the performance hit will actually be in daily scenarios...

Which is personal. Most people's processors are utterly and completely bored and have nothing to do 98% of the time. It spends almost all of its time waiting for the users to do something Unless you run very I/O heavy tasks, the performance hit on kernel context switching is likely going to be no more than 5% and in practice probably unnoticeable.

From that Phoronix benchmarked so far, people with SSDs that run I/O heavy tasks are hit the hardest. Those are the same kind of tasks for which last year you would have wanted to buy an AMD processor anyway as it is better at tasks optimized for multithreading than Intel was at the time.

[ilya40umov]

BTW I'm currently running LM 18.3 with 4.10.0-42. So, can I simply rely on the security updates to eventually receive a patch for these vulnerabilities or it's actually necessary to move to a newer / different kernel?

[xenopeek]

BTW I'm currently running LM 18.3 with 4.10.0-42. So, can I simply rely on the security updates to eventually receive a patch for these vulnerabilities or it's actually necessary to move to a newer / different kernel?

That kernel is supported till February and will receive the patches. You'll see upgrade to 4.13 in Update Manager once 4.10 is out of support.

[mwbworld]

That kernel is supported till February and will receive the patches. You'll see upgrade to 4.13 in Update Manager once 4.10 is out of support.

I was wondering about the 4.13 since the recent announcement of the patched kernels releases for this latest problem (Thanks Intel!) mentioned the latest release and patches to the LTS one's like 4.4 & 4.9. I hadn't seen anything that indicate if 4.13 was getting it - especially us getting it via the usual LM updater. I assume 4.4 will happen in the usual way for us though - but that could be the elaborate webs of lies i tell myself.

[smurphos]

All of Ubuntu currently supported kernel series should be patched - 3.13, 4.4, 4.10 and 4.13.

[ArtGirl]

Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch. Krita needs system specs I have, as below, especially for large, high resolution, multi-layered work.

[rene]

Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch.

There will be no 4.11 updates, neither from Ubuntu nor directly from upstream. Ubuntu kernel series that will get the KTPI patches are per smurphos just above 3.13, 4.4, 4.10 and 4.13; upstream series are per further up above 3.2, 3.16, 3.18, 4.4, 4.9, and 4.14+. "Art" is a little broad but would together with games appear the exact type of load which is, at worst, only very minimally affected by slowdowns caused by these patches; both are user space loads that don't call on the kernel for many things. A kernel upgrade is also otherwise generally very easy and uneventful when done through the Update Manager. Just apply the update once available.

[ArtGirl]

Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch.

There will be no 4.11 updates, neither from Ubuntu nor directly from upstream. Ubuntu kernel series that will get the KTPI patches are per smurphos just above 3.13, 4.4, 4.10 and 4.13; upstream series are per further up above 3.2, 3.16, 3.18, 4.4, 4.9, and 4.14+. "Art" is a little broad but would together with games appear the exact type of load which is, at worst, only very minimally affected by slowdowns caused by these patches; both are user space loads that don't call on the kernel for many things. A kernel upgrade is also otherwise generally very easy and uneventful when done through the Update Manager. Just apply the update once available.

Thanks rene. Appreciate the details. Am concerned, as Krita needs the full system specs I have, as below, especially for large, high resolution, multi-layered paintings. I'm not sure how much the graphics card/ram/kernel are accessed by Krita, but they recommend a large swap file, maximum ram etc as far as I know, and it does regular backups in the background. Going to ask on the Krita forum. Yes, it's nice to have a straightforward way to update; thanks for assurance.

[Arch_Enemy]

@ xenopeek, .......

Please refer to this link ... viewtopic.php?t=214607 = LM users will have to manually upgrade their kernels to the patched one, eg 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97.(kernel info, courtesy of 'rene')

I think you put in the wrong link? That's from 2 years ago and not applicable to today's situation.

.
I am running LM 17.3 Cinnamon 32bit since more than 1 year ago. I do not think I have gotten any security updates for my Linux kernel 3.13.0-107 LTS or for the default kernel 3.19 via Update Manager. Maybe, Update Manager display security updates for Linux kernels as Level 5 updates only for LM 18.x onward. Please confirm.

According to this link ... http://news.softpedia.com/news/linux-ke ... 9215.shtml , the above Linux kernels that have the KPTI patch have to be downloaded & installed from kernel.org. IOW, LM users have to wait for the LM developers for the actual release.
... My LM 17.3 system only has kernel 3.16.0-52 available. Not sure whether it has the KPTI patch. But ain't kernel 3.16 non-LTS, as per Canonical's Ubuntu.?

I'm running 4.14. LM 17.3

Sorry, 4.2. Running 4.40 on the other one.

[smurphos]

I'm running 4.14. LM 17.3

Sorry, 4.2. Running 4.40 on the other one.

4.2 has been EOL since August 17 so you'd be advised in any case to move up to 4.4 or back down to 3.13 to be offered security updates including the patch in question once released.

[michael louwe]

@ Artgirl, .......

...

.
According to this link ... https://wiki.ubuntu.com/Kernel/LTSEnablementStack , only kernel 4.4 and 4.15 are LTS = supported by Canonical-Ubuntu until 2021.

In your case, if feasible and stable(for your system), I think you should install kernel 4.13 to sooner get the KPTI patch and later install kernel 4.15, when available, to get the KPTI patch and support until 2021.
... If the kernel upgrade proves unstable, you can revert back and stay on kernel 4.11 through Grub's Advanced options and then delete the unstable kernels through Update Manager(>View >Linux kernels >Remove).

[idle]

Question: Skylake 6700HQ Intel CPU, when the new kernel with the fix is available, what happens if you don't upgrade? Is it feasibly possible that a casual user will be unaffected by this? or is this something everyone needs to upgrade because its serious?

[michael louwe]

@ idle, .......

Question: Skylake 6700HQ Intel CPU, when the new kernel with the fix is available, what happens if you don't upgrade? Is it feasibly possible that a casual user will be unaffected by this? or is this something everyone needs to upgrade because its serious?

.
It's serious and computer users should upgrade/update, but should also wait awhile to see how every thing settles/concludes, eg the KPTI patch may brick certain computers, Intel may issue a better patch for Meltdown, new information may come out, etc.

AFAIK, if casual users do not apply the KPTI patch by updating their Linux kernels, whenever they go online, they will risk hackers being able to secretly read their private data in RAM(= passwords, encryption keys, etc). With such data in hand, the hackers can perform further exploits on the exposed computers, eg recruiting coin-mining botnets or email-spam-bots, impersonation/phishing, financial fraud(credit card/online bank acct), ransomware infection, etc. Of course, the greedy hackers will prefer high-value targets from their Meltdown hacking, eg rich folks, celebrities, politicians, CEOs, etc.

[Faust]

...... wait awhile to see how every thing settles .....

Wise words .... a breath of fresh air !
The internet is currently awash with " headless chicken " mentality .

Users should keep in mind that this vulnerability may lead to a possible memory leak .
Hackers are not going to get any elevation of privileges out of it .

[ArtGirl]

@ Artgirl, .......

...

.
According to this link ... https://wiki.ubuntu.com/Kernel/LTSEnablementStack , only kernel 4.4 and 4.15 are LTS = supported by Canonical-Ubuntu until 2021.

In your case, if feasible and stable(for your system), I think you should install kernel 4.13 to sooner get the KPTI patch and later install kernel 4.15, when available, to get the KPTI patch and support until 2021.
... If the kernel upgrade proves unstable, you can revert back and stay on kernel 4.11 through Grub's Advanced options and then delete the unstable kernels through Update Manager(>View >Linux kernels >Remove).

Thank you very much, michael louwe, for such a clear and reassuring overview of what to do. Krita responded quickly but are unsure of the % of time spent in syscalls vs userspace, so it is great to be able to test run 4.13. I'll do that today, and thank you again.

[Spearmint2]

I suppose I better fire off a letter to Intel to let them know where to ship the replacement for the defective processor they sold me.

LOL, so glad I exclusively use AMD. If this is based on swap file usage too, then that's not a problem for me. I almost never get past 4GB installed RAM anyway. The biggest wasted space on my hard drive is the swap partition.

[Spearmint2]

I'd hate to have the fact that this problem is likely exceedingly hard to exploit in a useful manner in the first place drop from the thread so please consider that remarked upon again also...

Yes. I find this more as something interesting, but not distressing for the average home user. For mainline servers, then of course.

[Spearmint2]

Good podcast (Security Now) where this issue is explained - it starts about at 33:30 although the first topic about browser security is also worth listening to.
https://twit.tv/shows/security-now/epis ... tart=false
AMD has taken a few hits here at times, unfairly IMHO, but I have never had any issues with either my AMD CPU or graphics card and at the moment glad I run AMD on my rig.

Agree. I see you are at NC. Just got a call from my daughter down there at Camp Le Jeune about all that snow. She's a sergeant and range instructor, teaching your new marines how to shoot their M-16's. If you do any time at the range, may have run into her.

[Spearmint2]

What the Linux Mint position on that? When will we receive that update?

I checked for 17.3 yesterday, said I was all updated, so not there yet.