How to update your kernel for Meltdown and Spectre

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
User avatar
Termy
Level 5
Level 5
Posts: 762
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by Termy » Mon Feb 19, 2018 2:37 pm

Thank you for sharing that. Hopefully it helps someone. However, I already knew this, but prefer to stick with the standard Ubuntu repositories. :) Hence why I'm sticking with 4.4 until the bug is fixed in 4.13, if it ever will be. xD
Here to help.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife

oldgranola
Level 3
Level 3
Posts: 187
Joined: Fri Sep 05, 2014 1:39 am

Re: How to update your kernel for Meltdown and Spectre

Post by oldgranola » Mon Feb 19, 2018 2:42 pm

Termy wrote:
Mon Feb 19, 2018 7:52 am
oldgranola wrote:Can we clarify please?
Meltdown and Spectre are very serious, scary security vulnerabilties, at a hardware level, but patches to things like kernels and browsers help to mitigate these security holes. The 4.8 and 4.10 releases are not LTS and so haven't been given priority for these patches. However, 4.4 and 4.13 are and have. It's therefore strongly recommend that users stick with 4.4 or 4.8. I personally use 4.4, and will do until 4.13 has its VirtualBox crash bug solved. These issues extend far beyond that of Linux Mint.
Sorry if I was unclear. I was not asking what the vulnerabilities were, that's obvious. I was asking what exactly are the recommended kernels as the written advice on this website seem to conflict between the blog.linuxmint vs this thread. Your "4.4 and 4.8" need another decimal and something behind the -dash. Also, an explanation as to exactly which distros they apply to. Both recommended kernels in the OP of this thread relating to 17.x cinnamon crash my 17.3 cinnamon on the hardware I specified above. Can someone please clarify that?
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob

User avatar
Termy
Level 5
Level 5
Posts: 762
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by Termy » Mon Feb 19, 2018 3:23 pm

I mentioned Meltdown and Spectre as a primer for the rest of the paragraph, just in-case you weren't aware of it. You'll be fine with a kernel which is spectre and Meltdown patched, such as 4.4 or 4.13. As for the decimal thing, I'm showing the major and minor versions, the rest is implied. Use the latest patch. I suppose I could say 4.4.0 and 4.13.0. So, for me, I'm on 4.4.0-112-generic. It sounds like what you're asking for is confirmation from a Mint developer, as to what they think would be a good choice.
Spearmint2 wrote:
Wed Jan 10, 2018 1:56 pm
No older program will have such exploits in them, since knowledge of such capability wasn't know when they were published.
Not sure if this has already been mentioned, but, you're forgetting that programs change; they get updated and can otherwise be (maliciously) modified. You cannot guarantee the above at all, at least not for all older software.
Here to help.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife

User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1282
Joined: Tue Apr 26, 2016 3:28 pm

Re: How to update your kernel for Meltdown and Spectre

Post by Arch_Enemy » Mon Feb 19, 2018 7:07 pm

oldgranola wrote:
Sun Feb 18, 2018 4:20 pm
Really confused on which kernel to use.
I am currently on LM17.3 64b. kernel 4.2.0-30. The top post in this thread says:
I dunno about your kernel, but I like your sig. I followed about the same path except for the Commodore and HPUX. VMS and PCDOS for sure.

And I'm still a fn noob, too! ;)
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.

User avatar
gld59
Level 2
Level 2
Posts: 61
Joined: Thu Nov 30, 2017 11:05 pm
Location: Australia

Re: How to update your kernel for Meltdown and Spectre

Post by gld59 » Mon Feb 19, 2018 10:30 pm

oldgranola wrote:
Mon Feb 19, 2018 2:42 pm
as the written advice on this website seem to conflict between the blog.linuxmint vs this thread.
That's just timing. New kernels were shoved out the door as soon as particular patches were written, so the "current" kernels changed several times during mid to late January. The current version listed in a particular blog/forum post therefore depends on which day the post was written. The only kernel series being updated in Linux Mint are the LTS and HWE series for each currently supported version of Mint. For 18.x they are 4.4 and 4.13 (until 4.13 is replaced by 4.15 in the next few months). However for 17.x they are 3.13 and 4.4.

Just search through the kernels available to you in Update Manager, looking for the highest number after the hyphen in either 4.4.0-xxx (the final HWE series in 17.x, replacing your 4.2 series) or 3.13.0-xxx (the original kernel series for 17.x, and the series 17.0 and 17.1 shipped with). Note that in your version of Mint the lists of kernels are in alphabetical order, not numerical order, so all the -1xx kernels will be up near the top, before any -20 to -99 numbers. (This was fixed in Mint 18.2, so that kernels in 18.2 and 18.3 are listed in reverse numerical order.)

Also note that in the unlikely but possible event that 4.4 causes problems for you, you will have to use the grub menu to select an earlier kernel to boot from. Grub will default to the newest kernel from the newest kernel series (so even if you install the latest 3.13, it will default to any 4.4 you install, or even the existing 4.2). Once you were happy that 3.13 was working for you, you could then uninstall the unwanted kernels from later series.

oldgranola
Level 3
Level 3
Posts: 187
Joined: Fri Sep 05, 2014 1:39 am

Re: How to update your kernel for Meltdown and Spectre

Post by oldgranola » Tue Feb 20, 2018 11:31 am

Thank you both. I see, the last digit in the kernel number isn't so material. In order to use 4.4 I'll have to learn to make the generic graphics driver work as fglrx isn't supported. I submitted a question to that effect on the 'hardware' section. Cheers
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob

User avatar
dave8671
Level 3
Level 3
Posts: 139
Joined: Sat Jul 23, 2016 7:04 pm

Re: How to update your kernel for Meltdown and Spectre

Post by dave8671 » Sun Feb 25, 2018 10:45 pm

Does anyone know if this kernel linux-hwe (4.13.0-36.40~16.04.1) xenial is just an update or part of the Intel issue? It popped on update manager.

User avatar
AZgl1500
Level 9
Level 9
Posts: 2859
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by AZgl1500 » Sun Feb 25, 2018 10:56 pm

by dave8671 » Sun Feb 25, 2018 8:45 pm
Does anyone know if this kernel linux-hwe (4.13.0-36.40~16.04.1) xenial is just an update or part of the Intel issue? It popped on update manager.
I saw that a few days ago, but it is a Level 4 item and I decided not to do anything with it until I hear definitive info on the subject.

Thanks for bringing this up.

I have update manager set to show all levels, but only auto-check 1, 2, and 3 is visible but not checked.
Plus I refuse to ever allow anything to Auto-Update....

I want to know when things change.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1827
Joined: Thu Jan 04, 2018 1:00 pm

Re: How to update your kernel for Meltdown and Spectre

Post by Sir Charles » Mon Feb 26, 2018 5:10 am

dave8671 wrote:
Sun Feb 25, 2018 10:45 pm
Does anyone know if this kernel linux-hwe (4.13.0-36.40~16.04.1) xenial is just an update or part of the Intel issue? It popped on update manager.
If my understanding is correct, this latest kernel has the mitigation for all the 3 vulnerabilities, Meltdown and Spectre 1&2. Once installed, you can verify this by running grep . /sys/devices/system/cpu/vulnerabilities/* in a terminal.
It should give some output like the following:

Code: Select all

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
xenopeek
Level 24
Level 24
Posts: 23193
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: How to update your kernel for Meltdown and Spectre

Post by xenopeek » Mon Feb 26, 2018 6:02 am

Whenever in doubt refer back to the status on https://wiki.ubuntu.com/SecurityTeam/Kn ... itigations. I've updated the first post in this topic.

The latest kernel updates include the retpoline mitigation in the kernel for variant 2. This protects the kernel, not other programs! See the retpoline FAQ for more info: https://wiki.ubuntu.com/SecurityTeam/Kn ... #Retpoline.

The kernel security update fixes more than just retpoline. It's recommended to always install all available security updates. Use Timeshift to keep snapshots of your operating system so you can revert an update if it causes a problem.

In short:
  • Linux Mint 18.x users should be using kernel 4.13.0-36 or 4.4.0-116 or newer (higher number than -36 or -116 respectively at the end) and NOT continue to use any 4.8.x, 4.10.x or 4.11.x kernels.
  • Linux Mint 17.x users should be using kernel 4.4.0-116 or 3.13.0-142 or newer (higher number than -116 or -142 respectively at the end) and NOT continue to use any 3.16.x, 3.19.x or 4.2.x kernels.
3.13.x kernels do not currently have the retpoline mitigation.
Image

oliverjames
Level 4
Level 4
Posts: 290
Joined: Fri Aug 10, 2007 3:00 am
Location: Divonne-les-Bains, France

Re: How to update your kernel for Meltdown and Spectre

Post by oliverjames » Wed Feb 28, 2018 6:47 am

xenopeek wrote:
Wed Jan 10, 2018 6:24 am
Instructions for Linux Mint 18.3 and 18.2:
  • From Update Manager's View menu open Linux kernels, select 4.13 in the left sidebar and at the right you should see version 4.13.0-36 or newer (a higher number than 36 at the end). That should show as installed and in the top of the window it should be shown as currently used. If not, install it and reboot your system to load the new kernel. As an alternative you may use 4.4.0-116 or newer (a number higher than 116 at the end).
  • If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
  • In the list of available updates you may see level 4 security upgrades for linux-libc-dev (it may be for a lower version number than your kernel, which is fine and as expected). You should install all security updates.
My 18.2 installation is recommending 4.4.0-21 in the kernel management console. Would be good to change that in the light of the opening advice.

Cosmo.
Level 23
Level 23
Posts: 17824
Joined: Sat Dec 06, 2014 7:34 am

Re: How to update your kernel for Meltdown and Spectre

Post by Cosmo. » Wed Feb 28, 2018 6:57 am

Please do in general avoid full quotes. Everybody can read the original post. A full quote is especially in this thread, where xenopeek (as the starting poster and as admin) can at every day edit the starting post to include the latest information (as he did at last 2 days ago). As soon as he does this, your full quote will possibly get partially wrong, at least outdated. Besides that it is annoying to force the readers to scroll endlessly just to find a single line of your own message.

User avatar
Moem
Level 17
Level 17
Posts: 7182
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by Moem » Wed Feb 28, 2018 7:18 am

Cosmo. wrote:
Wed Feb 28, 2018 6:57 am
it is annoying to force the readers to scroll endlessly just to find a single line of your own message.
Hear, hear.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

DAMIEN1307
Level 6
Level 6
Posts: 1211
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: How to update your kernel for Meltdown and Spectre

Post by DAMIEN1307 » Wed Feb 28, 2018 7:22 am

hi oliverjames...in answer to your question...yes, change the kernel to kernel 4.13.0-36 or 4.4.0-116 on your 18.2 mint...4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
ORDO AB CHAO

User avatar
AZgl1500
Level 9
Level 9
Posts: 2859
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by AZgl1500 » Wed Feb 28, 2018 6:30 pm

DAMIEN1307 wrote:
Wed Feb 28, 2018 7:22 am
.4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
Is there a specific reason to choose one of these kernels over the other one?

IE, I am now using the 4.13.0-36-generic kernel, is it better than, or just equal to the 4.4.0-116 kernel?

User avatar
Pjotr
Level 20
Level 20
Posts: 11053
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by Pjotr » Wed Feb 28, 2018 6:44 pm

AZgl1500 wrote:
Wed Feb 28, 2018 6:30 pm
DAMIEN1307 wrote:
Wed Feb 28, 2018 7:22 am
.4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
Is there a specific reason to choose one of these kernels over the other one?

IE, I am now using the 4.13.0-36-generic kernel, is it better than, or just equal to the 4.4.0-116 kernel?
Doesn't matter. Both are good. :)
Tip: 10 things to do after installing Linux Mint 19 Tara
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
michael louwe
Level 9
Level 9
Posts: 2881
Joined: Sun Sep 11, 2016 11:18 pm

Re: How to update your kernel for Meltdown and Spectre

Post by michael louwe » Thu Mar 01, 2018 4:46 am

@ AZgl1500, .......
AZgl1500 wrote:
Wed Feb 28, 2018 6:30 pm
Is there a specific reason to choose one of these kernels over the other one?

IE, I am now using the 4.13.0-36-generic kernel, is it better than, or just equal to the 4.4.0-116 kernel?
.
HWE = Hardware Enablement.

In general, a newer kernel is more compatible with newer hardware/computers. Also, there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15.
....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.

A computer with the 5th-gen Intel Broadwell processor or earlier should be running Linux kernel 4.4 LTS and not 4.13.

User avatar
AZgl1500
Level 9
Level 9
Posts: 2859
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: How to update your kernel for Meltdown and Spectre

Post by AZgl1500 » Thu Mar 01, 2018 5:08 am

michael louwe wrote:
Thu Mar 01, 2018 4:46 am
.
HWE = Hardware Enablement.

In general, a newer kernel is more compatible with newer hardware/computers. Also, there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15.
....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.

A computer with the 5th-gen Intel Broadwell processor or earlier should be running Linux kernel 4.4 LTS and not 4.13.
Thank you, this is the answer I was looking for.
Still very much new to Linux, scrambling for knowledge.

ginahoy
Level 3
Level 3
Posts: 173
Joined: Sun May 28, 2017 3:15 pm

Re: How to update your kernel for Meltdown and Spectre

Post by ginahoy » Sun Mar 11, 2018 10:22 pm

michael louwe wrote:
Thu Mar 01, 2018 4:46 am
...there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15. ....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.
I just scanned through this thread, whew! I have a question...
I'm running LM 18.2, and I've been troubleshooting an issue with my Plex Media Server over in the Plex forum and I'm being told I need to upgrade to LM 18.3. I pointed out that 18.2 is supported through 2021, but I noticed that my Kernel (4.13) is already out of support.

I have 7700K CPU. Can I go ahead and upgrade to 4.15? I wasn't sure because Update Manager isn't showing me 4.15, and the above quote, which was posted March 1, refers to 'the coming 4.15'. Yet according to the Linux Kernel page @ wikipedia, 4.15 was published January 28 :?
Linux Mint 18.2 Xfce x64 | ASRock Z270 Extreme4 | Core i7 7700K | Cryorig H7 cooler| 32GB DDR4 2400| modded legacy Evercase LE4252 | EVGA 450W B3 | Samsung 850 EVO SSD

User avatar
smurphos
Level 8
Level 8
Posts: 2215
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: How to update your kernel for Meltdown and Spectre

Post by smurphos » Mon Mar 12, 2018 12:51 am

ginahoy wrote:
Sun Mar 11, 2018 10:22 pm
....but I noticed that my Kernel (4.13) is already out of support.

I have 7700K CPU. Can I go ahead and upgrade to 4.15? I wasn't sure because Update Manager isn't showing me 4.15, and the above quote, which was posted March 1, refers to 'the coming 4.15'. Yet according to the Linux Kernel page @ wikipedia, 4.15 was published January 28 :?
4.13 is still supported by Ubuntu and will be until August 18. After that update manager should automatically offer an Ubuntu supported 4.15 kernel when a security update is needed. An Ubuntu supported 4.15 will likely appear in update manager a few months before August as an option in the Kernel lists but won't be pushed until 4.13 support ends.

The kernel support schedule for Ubuntu supported kernels (the ones offered by update manager) is here - https://wiki.ubuntu.com/Kernel/Support# ... el_Support

When looking at info on the web about support for any particular kernel version you need to distinguish between information talking about 'support from kernel.org' or 'support from Ubuntu'.

Post Reply

Return to “Newbie Questions”