In short, Linux Mint 18.x users should be using kernel 4.4.0-116 or 4.13.0-36 or newer and NOT continue to use any 4.8.x, 4.10.x or 4.11.x kernels (those are no longer updated and unsafe). Linux Mint 17.x users should be using kernel 3.13.0-142 or 4.4.0-116 and NOT continue to use any 3.16.x, 3.19.x or 4.2.x kernels (those are also no longer updated and unsafe).
Need to know
You can view the latest status of the kernel mitigations against the Meltdown and Spectre processor bugs here: https://wiki.ubuntu.com/SecurityTeam/Kn ... itigations.
Also update your web browser: For Spectre there are 2 variants, where variant 1 is fixed in the kernel but variant 2 also requires a processor microcode update. Many systems will not yet have such a microcode update and remain vulnerable to variant 2 (and for 32-bit installations of Linux Mint there is no kernel upgrade yet that includes Spectre variant 2 patch). As such it is critical that you have also updated your web browser. Firefox version 57.0.4 (or newer) and Google Chrome version 64 (or newer) both have mitigation in place that makes it impossible for JavaScript on websites to exploit any of these bugs. Note that Chromium has not been patched yet! (If you use another web browser, check your version is safe from Meltdown and Spectre.) The kernel fixes on their own are not sufficient to keep your system safe.
32-bit system remain vulnerable to Meltdown: There are no patches (yet) for Meltdown on 32-bit Linux distros running on Intel or ARM processors (AMD processors are not affected by Meltdown). That means if you have Intel processor and are using Linux Mint 32-bit you should replace it with Linux Mint 64-bit if you're concerned about Meltdown.
VirtualBox hosts: If you're using Linux Mint 18.x as a VirtualBox host you should stick with the 4.4 kernel series or add the Oracle VirtualBox repository to your system. The version of VirtualBox on Linux Mint 18.x is not (yet) compatible with 4.13 kernel series. If you need 4.13 kernel series (e.g., you're using Intel Kaby Lake or AMD Ryzen processor) choose the latter option. An example of the steps to add Oracle VirtualBox repository to your system are found here: https://askubuntu.com/a/995096
Before you proceed !!!
Before you do anything, we recommended you use Timeshift and take a system snapshot. That way if any of the updates cause problems you have the option to roll them back. Timeshift has been made available on all Linux Mint versions and can be installed through Software Manager.
Upgrading your kernel
If you don't know your Linux Mint version open the terminal from your menu and run this command:
inxi -S
Instructions for Linux Mint 18.3 and 18.2:
- From Update Manager's View menu open Linux kernels, select 4.13 in the left sidebar and at the right you should see version 4.13.0-36 or newer (a higher number than 36 at the end). That should show as installed and in the top of the window it should be shown as currently used. If not, install it and reboot your system to load the new kernel. As an alternative you may use 4.4.0-116 or newer (a number higher than 116 at the end).
- If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
- In the list of available updates you may see level 4 security upgrades for linux-libc-dev (it may be for a lower version number than your kernel, which is fine and as expected). You should install all security updates.
- From Update Manager's View menu open Linux kernels, select 4.4 in the left sidebar and scroll down till you see version 4.4.0-116 or newer (a higher number than 116 at the end). The list may be sorted a bit strange. That should show as installed and in the top of the window it should be shown as currently used. If not, install it and reboot your system to load the new kernel. As an alternative you may use 4.13.0-36 or newer (a number higher than 36 at the end).
- If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
- In the list of available updates you may see level 5 security upgrades for linux or Linux kernel 4.some version (it may be for a lower version number than your kernel, which is fine and as expected if the upgrade contains the package linux-libc-dev). You should install all security updates.
- From Update Manager's View menu open Linux kernels and scroll up from the end (it's sorted a bit strange) till you see version 4.4.0-116 or newer (a higher number than 116 at the end). That should show as installed and loaded. If not, install it and reboot your system to load the new kernel. As an alternative you may use 3.13.0-142 or newer (a number higher than 142 at the end).
- If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
- In the list of available updates you should also see (or have already installed) a level 5 security upgrade for linux-kernel to version 4.4.0-lts1. You may see level 5 security upgrades for linux (it may be for a lower version number than your kernel, which is fine and as expected if the upgrade contains the package linux-libc-dev). You should install all security updates.
- From Update Manager's View menu open Linux kernels and scroll down till you see version 3.13.0-142 or newer (a higher number than 142 at the end). It should be near the beginning of the list (it's sorted a bit strange). That should show as installed and loaded. If not, install it and reboot your system to load the new kernel. As an alternative you may use 4.4.0-116 or newer (a number higher than 116 at the end).
- If it booted fine and everything seems to work you can remove other kernels from View > Linux kernels menu. If it didn't boot fine you can boot your previous kernel through GRUB boot menu (hold down shift key during boot if GRUB menu is not shown during boot).
- In the list of available updates you should also see (or have already installed) a level 5 security upgrade for linux-kernel to version 3.13.0-lts1. You may see level 5 security upgrades for linux (it may be for a lower version number than your kernel, which is fine and as expected if the upgrade contains the package linux-libc-dev). You should install all security updates.
You can use https://github.com/speed47/spectre-meltdown-checker to test the patch status of your system. It tests both hardware, microcode and kernel. Download the zip, extract the .sh file from it and open a terminal on the directory where you have extracted the .sh file. Then run this command to run the tests:
sudo sh spectre-meltdown-checker.sh