How to update your kernel for Meltdown and Spectre

Quick to answer questions about finding your way around Linux Mint as a new user.
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions use the other forums in the support section.
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
phd21
Level 20
Level 20
Posts: 10103
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to update your kernel for Meltdown

Post by phd21 »

Hi "xenopeek" & "Clem",

Thank you for your informative posts on this topic, much appreciated.

"For more information also see Security notice: Meltdown and Spectre". This link below has a lot of good information.
https://blog.linuxmint.com/?p=3496

I found it really interesting to see all the hidden (undeclared) new and or experimental features that the browsers have when going to "chrome://flags", or "opera://flags", etc... to enable “Strict site isolation” for these security issues. Caution to users, do not enable other features you do not know about without researching them first (read descriptions).
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
User avatar
Flemur
Level 20
Level 20
Posts: 10097
Joined: Mon Aug 20, 2012 9:41 pm
Location: Potemkin Village

Re: How to update your kernel for Meltdown

Post by Flemur »

People with older nvidia cards - which use 304 or 340 driver - should install the 4.4.0-109 kernel if they want to install the nvidia driver, e.g. for Cinnamon.
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
User avatar
Superannuated
Level 4
Level 4
Posts: 303
Joined: Wed Sep 16, 2015 1:18 am
Location: UTC -8 :: Pacific Coast USA

Re: How to update your kernel for Meltdown

Post by Superannuated »

xenopeek wrote:In short, right now you should be using kernel 4.4.0-109 or 4.13.0-26 or newer. You should NOT continue to use any 3.x, 4.8.x or 4.10.x kernels.
Please provide clarity about not using the 3.13 kernel with LM17.3. Why not use 3.13.0-139? Doesn't it contain a Meltdown patch? This Ubuntu Insights write-up says to run the 3.13 kernel on the Trusty base.

For example, last night I installed the 4.4.0-109 kernel on two Dell OptiPlex computers running LM17.3 Mate. After the kernel update both of them could not get past grub--just a black screen. Earlier versions of the kernel worked fine, such as 3.19.0-32 and 4.4.0-98. I installed the 3.13.0-139 kernel and both computers booted up fine and all hardware appears to work OK. Are these computer now unsafe?

[Update: I went back to one of my LM17.3 Mate computers and installed the latest 4.4.0-109 and all kernel security updates that had anything to do with it, did a refresh of the Update Manager, and for good measure did sudo update-grub in the terminal. This time the computer liked the changes and booted up with no problem. So I don't have to run a 3.13 kernel on my LM17.3 machine.]
Last edited by Superannuated on Wed Jan 10, 2018 8:11 pm, edited 1 time in total.
pjc123
Level 2
Level 2
Posts: 75
Joined: Tue Apr 09, 2013 2:13 pm
Contact:

Re: How to update your kernel for Meltdown

Post by pjc123 »

stepan2013 wrote:Trying to install 4.13.0-26, but there is an error:

Code: Select all

Examining /etc/kernel/header_postinst.d.
run-parts: executing /etc/kernel/header_postinst.d/dkms 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
Consult /var/lib/dkms/ndiswrapper/1.60/build/make.log for more information.
Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
Consult /var/lib/dkms/nvidia-340/340.102/build/make.log for more information.
And, of course, no booting with this kernel.
I had those errors on two completely different laptops (each with Mint 18.3 Cinnamon), but it did not prevent 4.13.0-26 from installing or running on next boot.
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: How to update your kernel for Meltdown

Post by xenopeek »

Superannuated wrote:Please provide clarity about not using the 3.13 kernel with LM17.3. Why not use 3.13.0-139?
I've updated the first post with that info. According to https://usn.ubuntu.com/usn/usn-3524-1/ it indeed has the Meltdown fix. Only Linux Mint 17 and 17.1 used 3.13.
Image
dug

Re: How to update your kernel for Meltdown

Post by dug »

For anyone having trouble grub not booting the latest kernel:

For kernel version 4.4.0-92201708161632 (or probably any other with the date appended to the name), installing a newer kernel version through the Update Manager did not automagically update grub to the latest kernel and update-grub did not correct the default kernel to boot either. The latest kernel and sources were being installed then grub was booting into 4.4.0-9222017... which was still installed. Installing a kernel version which sorts higher (such as 4.13) or removing the date-appended kernels should clear things up.
jazz.h
Level 4
Level 4
Posts: 363
Joined: Sat Jun 18, 2011 7:13 am

Re: How to update your kernel for Meltdown

Post by jazz.h »

mate.png
xenopeek wrote:I've updated the first post with that info.
Hello xenopeek!
My config is:

Code: Select all

System:    Host: dk-MATE Kernel: 3.19.0-32-generic x86_64 (64 bit) Desktop: MATE 1.12.0
           Distro: Linux Mint 17.3 Rosa
but the highest in my list of kernels in mint update is 4.4.0-98 and 3.19.0-80.
What should I do?
User avatar
Superannuated
Level 4
Level 4
Posts: 303
Joined: Wed Sep 16, 2015 1:18 am
Location: UTC -8 :: Pacific Coast USA

Re: How to update your kernel for Meltdown

Post by Superannuated »

On my computer the kernels with the last numbers in the 100s were ordered at the beginning of that series, for example 4.4.0-109 is near the first part of the 4.4 series. That was with the LM17.3 Update Manager.
User avatar
LamphunLumyai
Level 3
Level 3
Posts: 181
Joined: Tue Mar 24, 2015 9:20 am

Re: How to update your kernel for Meltdown

Post by LamphunLumyai »

slavko wrote:
Spearmint2 wrote:Did those above having problems with not seeing the kernel change in their GRUB first run

Code: Select all

update-grub
before rebooting????
Are we supposed to do so? Shouldn't Update Manager take care of that?

I never had to do this till now, and never had problems before 4.13.
I check a couple of different ways to update by chose to use the update manager when the level 5 kernel update was offered which should be available now through the official channels. It worked without a problem. No need to update grub. After the update via update manager, grub reflected the change. So in update manager change the preference so that level 5 updates and ''always show security updates' will be visible and then install the available kernel update.
User avatar
all41
Level 19
Level 19
Posts: 9473
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: How to update your kernel for Meltdown

Post by all41 »

xenopeek wrote: (...)

In short, Linux Mint 18.x users should be using kernel 4.4.0-109 or 4.13.0-26 or newer and NOT continue to use any 4.8.x or 4.10.x kernels. Linux Mint 17.x users should be using kernel 3.13.0-139 or 4.4.0-109 and NOT continue to use any 3.16.x or 3.19.x kernels.
@xenopeek
thank you for the concise instructions
Last edited by Moem on Thu Jan 11, 2018 7:42 am, edited 1 time in total.
Reason: Trimming a quote
Everything in life was difficult before it became easy.
User avatar
RavingLoony
Level 1
Level 1
Posts: 12
Joined: Mon Apr 30, 2012 2:44 pm

Re: How to update your kernel for Meltdown

Post by RavingLoony »

That worked well for me, in 18.3 Cinnamon and the Update Manager tells me I'm using 4.13.0-26 (this also shows up in the inxi -S command). Question? Is it absolutely necessary to remove 4.8, 4.10 if the system is showing correct updated kernel? TIA.
rpgman

Re: How to update your kernel for Meltdown

Post by rpgman »

in your instructions you state....

"If it booted fine you can remove 4.8 and 4.10 and other 4.13 kernels from View > Linux kernels menu and if it didn't boot fine you can boot your previous kernel from GRUB"

can you advise how to remove a kernel...never done that before...thanx.
User avatar
RavingLoony
Level 1
Level 1
Posts: 12
Joined: Mon Apr 30, 2012 2:44 pm

Re: How to update your kernel for Meltdown

Post by RavingLoony »

rpgman wrote:in your instructions you state....

"If it booted fine you can remove 4.8 and 4.10 and other 4.13 kernels from View > Linux kernels menu and if it didn't boot fine you can boot your previous kernel from GRUB"

can you advise how to remove a kernel...never done that before...thanx.
If you navigate to the inactive kernels that are installed and click on them and select remove. I tried it and everything is still working after a few reboots! This version of Mint works a treat even got Bluetooth operational now!
User avatar
Moem
Level 22
Level 22
Posts: 16193
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: How to update your kernel for Meltdown

Post by Moem »

rpgman wrote:can you advise how to remove a kernel...never done that before...thanx.
Go to the Update manager, View, Linux Kernels. Click (left) and scroll (right) until you see the kernel that you have installed and want to remove. Select it to highlight it. Click the button marked 'Remove'.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
pjc123
Level 2
Level 2
Posts: 75
Joined: Tue Apr 09, 2013 2:13 pm
Contact:

Re: How to update your kernel for Meltdown

Post by pjc123 »

Quote from the OP:

"If it booted fine you can remove other kernels from View > Linux kernels menu and if it didn't boot fine you can boot your previous kernel from GRUB"

Just an FYI. Really, really bad idea not leaving at least one previous kernel, even if you THINK everything went OK with the new kernel. I have had things go horribly wrong the next day or so and having the backup kernel saved my ***.

To be on the safe side, to delete old kernels (Add sudo command if necessary):

Code: Select all


 1. Check for boot space

		df -h /boot

 2. List currently installed kernels

		ls /boot/ | grep vmlinux*

			OR

		dpkg -l | grep linux-image

 3. WARNING!: LIST CURRENT ACTIVE KERNEL AND MAKE SURE YOU DON'T DELETE THAT ONE.

		uname -a

 4. Load the Update Manager
     a. Go to view > Linux Kernels
     b. Select and delete the appropriate kernel(s).
 
5.  Check how much space you cleared up.

		df -h /boot

User avatar
NoahsArk
Level 1
Level 1
Posts: 42
Joined: Tue Mar 07, 2017 7:11 pm
Location: North West England

Re: How to update your kernel for Meltdown

Post by NoahsArk »

Thank You for the guidance exenopeek.

Feedback

Running Intel i7 Single boot - i.e. no Windows junk.

Lenovo Z710

Kernel: 4.4.0-109-generic x86_64 (64 bit)

Desktop: Cinnamon 3.2.7 Distro: Linux Mint 18.1 Serena

To remove old kernels I refer to this excellent article by Pjotr. I'll not be removing any for the time being because I have a lot of HD space.

https://sites.google.com/site/easylinuxtipsproject/4

:D
Linux - Il est interdit d' interdire
linux_rules
Level 4
Level 4
Posts: 277
Joined: Sun Apr 24, 2011 1:51 am

Re: How to update your kernel for Meltdown

Post by linux_rules »

xenopeek wrote:As stated, you should use a web browser that has mitigation built in against exploiting these bugs. Like Firefox 57.0.4+
Do you think NoScript is necessary if I use FF inside Firejail sandbox ?
User avatar
xenopeek
Level 25
Level 25
Posts: 29459
Joined: Wed Jul 06, 2011 3:58 am

Re: How to update your kernel for Meltdown

Post by xenopeek »

linux_rules wrote:Do you think NoScript is necessary if I use FF inside Firejail sandbox ?
You should do what makes you comfortable. Your browser is already immune on its own to JavaScript attacks that would use these bugs.
(If you don't use Flash, Java or other such unsafe plugins.)
Image
linux_rules
Level 4
Level 4
Posts: 277
Joined: Sun Apr 24, 2011 1:51 am

Re: How to update your kernel for Meltdown

Post by linux_rules »

xenopeek wrote:
linux_rules wrote:Do you think NoScript is necessary if I use FF inside Firejail sandbox ?
You should do what makes you comfortable. Your browser is already immune on its own to JavaScript attacks that would use these bugs.
(If you don't use Flash, Java or other such unsafe plugins.)
Okay/Thanks
rpgman

Re: How to update your kernel for Meltdown

Post by rpgman »

Moem wrote:
rpgman wrote:can you advise how to remove a kernel...never done that before...thanx.
Go to the Update manager, View, Linux Kernels. Click (left) and scroll (right) until you see the kernel that you have installed and want to remove. Select it to highlight it. Click the button marked 'Remove'.
Thank you, that helped.
Locked

Return to “Beginner Questions”