How to update your kernel for Meltdown and Spectre
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Re: How to update your kernel for Meltdown and Spectre
Thank you for sharing that. Hopefully it helps someone. However, I already knew this, but prefer to stick with the standard Ubuntu repositories. Hence why I'm sticking with 4.4 until the bug is fixed in 4.13, if it ever will be. xD
I'm also Terminalforlife on GitHub.
-
- Level 5
- Posts: 564
- Joined: Fri Sep 05, 2014 1:39 am
Re: How to update your kernel for Meltdown and Spectre
Sorry if I was unclear. I was not asking what the vulnerabilities were, that's obvious. I was asking what exactly are the recommended kernels as the written advice on this website seem to conflict between the blog.linuxmint vs this thread. Your "4.4 and 4.8" need another decimal and something behind the -dash. Also, an explanation as to exactly which distros they apply to. Both recommended kernels in the OP of this thread relating to 17.x cinnamon crash my 17.3 cinnamon on the hardware I specified above. Can someone please clarify that?Termy wrote: ⤴Mon Feb 19, 2018 7:52 amMeltdown and Spectre are very serious, scary security vulnerabilties, at a hardware level, but patches to things like kernels and browsers help to mitigate these security holes. The 4.8 and 4.10 releases are not LTS and so haven't been given priority for these patches. However, 4.4 and 4.13 are and have. It's therefore strongly recommend that users stick with 4.4 or 4.8. I personally use 4.4, and will do until 4.13 has its VirtualBox crash bug solved. These issues extend far beyond that of Linux Mint.oldgranola wrote:Can we clarify please?
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob
Yet I'm still a fn nooob
Re: How to update your kernel for Meltdown and Spectre
I mentioned Meltdown and Spectre as a primer for the rest of the paragraph, just in-case you weren't aware of it. You'll be fine with a kernel which is spectre and Meltdown patched, such as 4.4 or 4.13. As for the decimal thing, I'm showing the major and minor versions, the rest is implied. Use the latest patch. I suppose I could say 4.4.0 and 4.13.0. So, for me, I'm on 4.4.0-112-generic. It sounds like what you're asking for is confirmation from a Mint developer, as to what they think would be a good choice.
Not sure if this has already been mentioned, but, you're forgetting that programs change; they get updated and can otherwise be (maliciously) modified. You cannot guarantee the above at all, at least not for all older software.Spearmint2 wrote: ⤴Wed Jan 10, 2018 1:56 pmNo older program will have such exploits in them, since knowledge of such capability wasn't know when they were published.
I'm also Terminalforlife on GitHub.
- Arch_Enemy
- Level 6
- Posts: 1491
- Joined: Tue Apr 26, 2016 3:28 pm
Re: How to update your kernel for Meltdown and Spectre
I dunno about your kernel, but I like your sig. I followed about the same path except for the Commodore and HPUX. VMS and PCDOS for sure.oldgranola wrote: ⤴Sun Feb 18, 2018 4:20 pm Really confused on which kernel to use.
I am currently on LM17.3 64b. kernel 4.2.0-30. The top post in this thread says:
And I'm still a fn noob, too!
I have travelled 37629424162.9 miles in my lifetime
One thing I would suggest, create a partition as a 50G partition as /. Partition the rest as /Home. IF the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
One thing I would suggest, create a partition as a 50G partition as /. Partition the rest as /Home. IF the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
Re: How to update your kernel for Meltdown and Spectre
That's just timing. New kernels were shoved out the door as soon as particular patches were written, so the "current" kernels changed several times during mid to late January. The current version listed in a particular blog/forum post therefore depends on which day the post was written. The only kernel series being updated in Linux Mint are the LTS and HWE series for each currently supported version of Mint. For 18.x they are 4.4 and 4.13 (until 4.13 is replaced by 4.15 in the next few months). However for 17.x they are 3.13 and 4.4.oldgranola wrote: ⤴Mon Feb 19, 2018 2:42 pmas the written advice on this website seem to conflict between the blog.linuxmint vs this thread.
Just search through the kernels available to you in Update Manager, looking for the highest number after the hyphen in either 4.4.0-xxx (the final HWE series in 17.x, replacing your 4.2 series) or 3.13.0-xxx (the original kernel series for 17.x, and the series 17.0 and 17.1 shipped with). Note that in your version of Mint the lists of kernels are in alphabetical order, not numerical order, so all the -1xx kernels will be up near the top, before any -20 to -99 numbers. (This was fixed in Mint 18.2, so that kernels in 18.2 and 18.3 are listed in reverse numerical order.)
Also note that in the unlikely but possible event that 4.4 causes problems for you, you will have to use the grub menu to select an earlier kernel to boot from. Grub will default to the newest kernel from the newest kernel series (so even if you install the latest 3.13, it will default to any 4.4 you install, or even the existing 4.2). Once you were happy that 3.13 was working for you, you could then uninstall the unwanted kernels from later series.
-
- Level 5
- Posts: 564
- Joined: Fri Sep 05, 2014 1:39 am
Re: How to update your kernel for Meltdown and Spectre
Thank you both. I see, the last digit in the kernel number isn't so material. In order to use 4.4 I'll have to learn to make the generic graphics driver work as fglrx isn't supported. I submitted a question to that effect on the 'hardware' section. Cheers
comadore, pcDOS, hpux, solaris, vms-vax ....blah blah blah..
Yet I'm still a fn nooob
Yet I'm still a fn nooob
Re: How to update your kernel for Meltdown and Spectre
Does anyone know if this kernel linux-hwe (4.13.0-36.40~16.04.1) xenial is just an update or part of the Intel issue? It popped on update manager.
- AZgl1800
- Level 20
- Posts: 11145
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: How to update your kernel for Meltdown and Spectre
I saw that a few days ago, but it is a Level 4 item and I decided not to do anything with it until I hear definitive info on the subject.by dave8671 » Sun Feb 25, 2018 8:45 pm
Does anyone know if this kernel linux-hwe (4.13.0-36.40~16.04.1) xenial is just an update or part of the Intel issue? It popped on update manager.
Thanks for bringing this up.
I have update manager set to show all levels, but only auto-check 1, 2, and 3 is visible but not checked.
Plus I refuse to ever allow anything to Auto-Update....
I want to know when things change.
Re: How to update your kernel for Meltdown and Spectre
If my understanding is correct, this latest kernel has the mitigation for all the 3 vulnerabilities, Meltdown and Spectre 1&2. Once installed, you can verify this by running
grep . /sys/devices/system/cpu/vulnerabilities/*
in a terminal.It should give some output like the following:
Code: Select all
grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: OSB (observable speculation barrier, Intel v6)
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
Re: How to update your kernel for Meltdown and Spectre
Whenever in doubt refer back to the status on https://wiki.ubuntu.com/SecurityTeam/Kn ... itigations. I've updated the first post in this topic.
The latest kernel updates include the retpoline mitigation in the kernel for variant 2. This protects the kernel, not other programs! See the retpoline FAQ for more info: https://wiki.ubuntu.com/SecurityTeam/Kn ... #Retpoline.
The kernel security update fixes more than just retpoline. It's recommended to always install all available security updates. Use Timeshift to keep snapshots of your operating system so you can revert an update if it causes a problem.
In short:
The latest kernel updates include the retpoline mitigation in the kernel for variant 2. This protects the kernel, not other programs! See the retpoline FAQ for more info: https://wiki.ubuntu.com/SecurityTeam/Kn ... #Retpoline.
The kernel security update fixes more than just retpoline. It's recommended to always install all available security updates. Use Timeshift to keep snapshots of your operating system so you can revert an update if it causes a problem.
In short:
- Linux Mint 18.x users should be using kernel 4.13.0-36 or 4.4.0-116 or newer (higher number than -36 or -116 respectively at the end) and NOT continue to use any 4.8.x, 4.10.x or 4.11.x kernels.
- Linux Mint 17.x users should be using kernel 4.4.0-116 or 3.13.0-142 or newer (higher number than -116 or -142 respectively at the end) and NOT continue to use any 3.16.x, 3.19.x or 4.2.x kernels.
-
- Level 4
- Posts: 418
- Joined: Fri Aug 10, 2007 3:00 am
- Location: Divonne-les-Bains, France
Re: How to update your kernel for Meltdown and Spectre
My 18.2 installation is recommending 4.4.0-21 in the kernel management console. Would be good to change that in the light of the opening advice.xenopeek wrote: ⤴Wed Jan 10, 2018 6:24 amInstructions for Linux Mint 18.3 and 18.2:
- From Update Manager's View menu open Linux kernels, select 4.13 in the left sidebar and at the right you should see version 4.13.0-36 or newer (a higher number than 36 at the end). That should show as installed and in the top of the window it should be shown as currently used. If not, install it and reboot your system to load the new kernel. As an alternative you may use 4.4.0-116 or newer (a number higher than 116 at the end).
- If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
- In the list of available updates you may see level 4 security upgrades for linux-libc-dev (it may be for a lower version number than your kernel, which is fine and as expected). You should install all security updates.
Re: How to update your kernel for Meltdown and Spectre
Please do in general avoid full quotes. Everybody can read the original post. A full quote is especially in this thread, where xenopeek (as the starting poster and as admin) can at every day edit the starting post to include the latest information (as he did at last 2 days ago). As soon as he does this, your full quote will possibly get partially wrong, at least outdated. Besides that it is annoying to force the readers to scroll endlessly just to find a single line of your own message.
Re: How to update your kernel for Meltdown and Spectre
Hear, hear.
If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
Re: How to update your kernel for Meltdown and Spectre
hi oliverjames...in answer to your question...yes, change the kernel to kernel 4.13.0-36 or 4.4.0-116 on your 18.2 mint...4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
- AZgl1800
- Level 20
- Posts: 11145
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: How to update your kernel for Meltdown and Spectre
Is there a specific reason to choose one of these kernels over the other one?DAMIEN1307 wrote: ⤴Wed Feb 28, 2018 7:22 am .4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
IE, I am now using the 4.13.0-36-generic kernel, is it better than, or just equal to the 4.4.0-116 kernel?
- Pjotr
- Level 23
- Posts: 19879
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: How to update your kernel for Meltdown and Spectre
Doesn't matter. Both are good.AZgl1500 wrote: ⤴Wed Feb 28, 2018 6:30 pmIs there a specific reason to choose one of these kernels over the other one?DAMIEN1307 wrote: ⤴Wed Feb 28, 2018 7:22 am .4.4.0-116 is the LTS kernel...4.13 0-36 is the HWE kernel...these kernels contain the mitigations for spectre/meltdown situation...the others do not...DAMIEN
IE, I am now using the 4.13.0-36-generic kernel, is it better than, or just equal to the 4.4.0-116 kernel?
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: How to update your kernel for Meltdown and Spectre
@ AZgl1500, .......
HWE = Hardware Enablement.
In general, a newer kernel is more compatible with newer hardware/computers. Also, there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15.
....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.
A computer with the 5th-gen Intel Broadwell processor or earlier should be running Linux kernel 4.4 LTS and not 4.13.
.
HWE = Hardware Enablement.
In general, a newer kernel is more compatible with newer hardware/computers. Also, there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15.
....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.
A computer with the 5th-gen Intel Broadwell processor or earlier should be running Linux kernel 4.4 LTS and not 4.13.
- AZgl1800
- Level 20
- Posts: 11145
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: How to update your kernel for Meltdown and Spectre
Thank you, this is the answer I was looking for.michael louwe wrote: ⤴Thu Mar 01, 2018 4:46 am .
HWE = Hardware Enablement.
In general, a newer kernel is more compatible with newer hardware/computers. Also, there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15.
....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.
A computer with the 5th-gen Intel Broadwell processor or earlier should be running Linux kernel 4.4 LTS and not 4.13.
Still very much new to Linux, scrambling for knowledge.
Re: How to update your kernel for Meltdown and Spectre
I just scanned through this thread, whew! I have a question...michael louwe wrote: ⤴Thu Mar 01, 2018 4:46 am...there are LTS kernels for each generation of hardware, eg LTS kernels 3.13, 4.4 and the coming 4.15. ....... So, a newly computer with the 7th-gen Intel KabyLake processor has to run Linux kernel 4.13 and not 4.4, and later upgrade to LTS kernel 4.15.
I'm running LM 18.2, and I've been troubleshooting an issue with my Plex Media Server over in the Plex forum and I'm being told I need to upgrade to LM 18.3. I pointed out that 18.2 is supported through 2021, but I noticed that my Kernel (4.13) is already out of support.
I have 7700K CPU. Can I go ahead and upgrade to 4.15? I wasn't sure because Update Manager isn't showing me 4.15, and the above quote, which was posted March 1, refers to 'the coming 4.15'. Yet according to the Linux Kernel page @ wikipedia, 4.15 was published January 28
Linux Mint 18.2 Xfce x64 | ASRock Z270 Extreme4 | Core i7 7700K | Cryorig H7 cooler| 32GB DDR4 2400| modded legacy Evercase LE4252 | EVGA 450W B3 | ADATA SX8200 Pro SSD
- smurphos
- Level 18
- Posts: 8501
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: How to update your kernel for Meltdown and Spectre
4.13 is still supported by Ubuntu and will be until August 18. After that update manager should automatically offer an Ubuntu supported 4.15 kernel when a security update is needed. An Ubuntu supported 4.15 will likely appear in update manager a few months before August as an option in the Kernel lists but won't be pushed until 4.13 support ends.ginahoy wrote: ⤴Sun Mar 11, 2018 10:22 pm ....but I noticed that my Kernel (4.13) is already out of support.
I have 7700K CPU. Can I go ahead and upgrade to 4.15? I wasn't sure because Update Manager isn't showing me 4.15, and the above quote, which was posted March 1, refers to 'the coming 4.15'. Yet according to the Linux Kernel page @ wikipedia, 4.15 was published January 28
The kernel support schedule for Ubuntu supported kernels (the ones offered by update manager) is here - https://wiki.ubuntu.com/Kernel/Support# ... el_Support
When looking at info on the web about support for any particular kernel version you need to distinguish between information talking about 'support from kernel.org' or 'support from Ubuntu'.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.