How to update your kernel for Meltdown and Spectre

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
User avatar
ICIT2
Level 3
Level 3
Posts: 128
Joined: Fri Nov 10, 2017 6:48 am
Location: Central West NSW Australia

Re: How to update your kernel for Meltdown

Post by ICIT2 »

Being a newbie I find this all a bit confusing to be honest I am running 18.3 and currently my kernel is 4.10.0-38 and the latest kernel is in the list of available updates and given that I am getting dire warnings about wrecking my system I am just wondering what to do.

If in the event that the system crashes is the worst thing that can happen is that I have to reinstall because to be honest I don't have any worries about doing that except that I have to set up all my programs and sites again I could I suppose clone the drive and do the kernel on the clone and see what happens but it seems a lot of mucking around if I don't need to do that.

Any advice really appreciated. :)
The difference between genius and stupidity is that genius has it limits - Einstein
User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1389
Joined: Tue Apr 26, 2016 3:28 pm

Re: How to update your kernel for Meltdown

Post by Arch_Enemy »

xenopeek wrote:Some changes are being worked on for Update Manager so below instructions are temporary. However if you want to upgrade your kernel right now to fix Meltdown (variant 3), these are the general instructions. The patches for Spectre (variant 1 and 2) aren't available yet.

Make sure you have also updated your web browser and you're running Firefox version 57.0.4 or newer, as that has mitigation that makes it impossible for JavaScript on websites to exploit these bugs. Average home users only run untrusted code in their web browser so this mitigation is key to being safe from these bugs.

For more information also see Security notice: Meltdown and Spectre

NOTE: It's recommended you use Timeshift and take a system snapshot before upgrading the kernel. That way you have the option to roll back if needed. Timeshift has been made available on all Linux Mint versions and can be installed through Software Manager.

Instructions for Linux Mint 17.x (any release):
  • Open Update Manager
  • From its View menu open Linux kernels
  • Scroll to the end and from there back up till you see 4.4.0-109 and install that version (on Linux Mint 17 or 17.1, that use the kernel 3.13.0 series, you could instead use 3.13.0-139).
  • Reboot your system
  • If it booted fine you can remove other kernels from View > Linux kernels menu and if it didn't boot fine you can boot your previous kernel from GRUB
Already done, my friend! Been watching for kernel updates daily. ;)
But, nice write up!
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~28G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
User avatar
ICIT2
Level 3
Level 3
Posts: 128
Joined: Fri Nov 10, 2017 6:48 am
Location: Central West NSW Australia

Re: How to update your kernel for Meltdown

Post by ICIT2 »

Ok well I am going to take a chance with the kernel update as I can see right now that if the worst comes to the worst I shall have to reinstall.
The difference between genius and stupidity is that genius has it limits - Einstein
User avatar
AZgl1500
Level 14
Level 14
Posts: 5176
Joined: Thu Dec 31, 2015 3:20 am
Location: Oklahoma where the wind comes sweeping down the plains
Contact:

Re: How to update your kernel for Meltdown

Post by AZgl1500 »

I just upgraded to Kernal 4.13 successfully,

then ran Timeshift.... a bit too late, but at least I have a copy now.

What I am wondering about now, are these two errors.
Are they important, and how do I get rid of them?

------------------------------------------------------------------------------
0 > 2018-01-11_21-47-37 O

john@john-TP500LA ~ $ sudo timeshift --list

(process:8607): Gtk-CRITICAL **: gtk_icon_theme_get_for_screen: assertion 'GDK_IS_SCREEN (screen)' failed

(process:8607): Gtk-CRITICAL **: gtk_icon_theme_append_search_path: assertion 'GTK_IS_ICON_THEME (icon_theme)' failed
Device : /dev/sda1
UUID : 2366e397-979a-4520-a83c-741ef1fe9990
Path : /
Mode : RSYNC
Device is OK
1 snapshots, 462.4 GB free

Num Name Tags Description
------------------------------------------------------------------------------
Linux Mint 19.3 Cinnamon
User avatar
Spearmint2
Level 16
Level 16
Posts: 6893
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: How to update your kernel for Meltdown

Post by Spearmint2 »

ICIT2 wrote:Ok well I am going to take a chance with the kernel update as I can see right now that if the worst comes to the worst I shall have to reinstall.
Unless you uninstall the old kernel, it would still be there at bootup screen in another section like "Previous ......" to boot from it instead, then you can remove the problem kernel.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
User avatar
michael louwe
Level 10
Level 10
Posts: 3295
Joined: Sun Sep 11, 2016 11:18 pm

Re: How to update your kernel for Meltdown

Post by michael louwe »

@ jazz.h, .......
jazz.h wrote:Hello xenopeek!
My config is:

Code: Select all

System:    Host: dk-MATE Kernel: 3.19.0-32-generic x86_64 (64 bit) Desktop: MATE 1.12.0
           Distro: Linux Mint 17.3 Rosa
but the highest in my list of kernels in mint update is 4.4.0-98 and 3.19.0-80.
What should I do?
.
If you have a computer that is less than 5 years old, you should install the Level 5 update for Linux kernel 4.4 lts. Otherwise, go to >Update Manager >View >Linux kernels >Install kernel 3.13.xxx. Reboot.
... Ensure that your computer system remains stable. If not, revert to previous kernel 3.19.32 by rebooting, >Grub menu >Advanced options. Then go back to >Update Manager >View >Linux kernels >Remove the unstable kernel. Better to stay unpatched than to have an unstable system.

Refresh Update Manager(= update Ubuntu repos) = the Meltdown/KPTI patch for the kernel should then be available for install.

Again, go to >Update Manager >View >Linux kernels, and install kernel 4.4.108 / .109 / .110 or 3.13.139/.140. Reboot. Ensure that system remains stable. If not revert and remove, and wait for the release of a newer patched kernel, eg 4.4.111 or 3.13.141.
Sinnis250
Level 2
Level 2
Posts: 80
Joined: Thu Jun 16, 2016 9:47 am

Re: How to update your kernel for Meltdown

Post by Sinnis250 »

I tried the suggestion of installing 4.4.0-109 for my version of Linux Mint 17.3 [Cinnamon Rosa 3.19.0-32 generic (x86_64) 64bit AMD processor].

What happened was "Cinnamon has crashed and is running in fallback mode".

Back to 3.19.0-32 generic (x86_64) for the time being.



I suppose I should wait this out until a stable patched kernel is available?
Cosmo.
Level 23
Level 23
Posts: 17817
Joined: Sat Dec 06, 2014 7:34 am

Re: How to update your kernel for Meltdown

Post by Cosmo. »

You can try to use the latest release of kernel 3.13; this series is still supported and will be during during the life time of Mint 17.x

There is a small problem with it: Linux systems boot by default always the newest installed kernel. To boot with 3.13 you have to do this - at least once - manually. You press and hold the shift key immediately after powering in and select from th upcoming grub menu the kernel 3.13. If this works for you you can uninstall from update manager -> Linux kernel the newer kernel, so that 3.13 boots automatically.
User avatar
kc1di
Level 16
Level 16
Posts: 6313
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: How to update your kernel for Meltdown

Post by kc1di »

Kernel updates go well here :)
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608
Sinnis250
Level 2
Level 2
Posts: 80
Joined: Thu Jun 16, 2016 9:47 am

Re: How to update your kernel for Meltdown

Post by Sinnis250 »

Cosmo. wrote:You can try to use the latest release of kernel 3.13; this series is still supported and will be during during the life time of Mint 17.x

There is a small problem with it: Linux systems boot by default always the newest installed kernel. To boot with 3.13 you have to do this - at least once - manually. You press and hold the shift key immediately after powering in and select from th upcoming grub menu the kernel 3.13. If this works for you you can uninstall from update manager -> Linux kernel the newer kernel, so that 3.13 boots automatically.
Thank you Cosmo.

Installing Kernel v 3.13.0-139 has worked sweetly.

Appreciate your help as always.............

Cheers!

:D
Neil Edmond
Level 6
Level 6
Posts: 1153
Joined: Thu Dec 26, 2013 10:19 am
Location: N.E. AR USA

Re: How to update your kernel for Meltdown

Post by Neil Edmond »

Installing 3.13.0-139 went without issue. Thanks for the direction on which kernel to go to based on currently installed kernel.
User avatar
buffest_overflow
Level 2
Level 2
Posts: 54
Joined: Sun May 07, 2017 8:35 pm

Re: How to update your kernel for Meltdown

Post by buffest_overflow »

xenopeek wrote:
linux_rules wrote:Do you think NoScript is necessary if I use FF inside Firejail sandbox ?
You should do what makes you comfortable. Your browser is already immune on its own to JavaScript attacks that would use these bugs.
(If you don't use Flash, Java or other such unsafe plugins.)
I don't even know man. I feel reluctant feeling that anything is safe these days.
There was this thing recently about bad cpows in Firefox; the whole "cliqz" affair. I checked out these entries in about:config:

Code: Select all

dom.ipc.cpows.allow-cpows-in-compat-addons
media.getusermedia.screensharing.allowed_domains
They both contained long lists of identities with hash values, I don't know if they were hashes assigned to me or hashes identifying them. Most were familiar to me, but that doesn't mean I want them doing whatever they're doing. Some of them I definitely did not want around me, and some were completely unknown. I run noscript, EFF's Badger and HTTPS, and uBlock. I consider myself pretty vigilant in these things, but things slip between the cracks. Nobody knows anything. This is maybe off topic, but I just wanted to point out what I have learned from personal experience, that there's always something new and unknown. "Safe" websites aren't even safe, necessarily. I hope everyone is ok.

Cisco Annual Security Reports:
https://www.cisco.com/c/en/us/products/ ... ports.html
I will guarantee that the worst sites in terms of malware listed in these reports are not what most people will be expecting.


Official (polite) explanation of what cliqz is for.
https://www.mozilla.org/en-US/privacy/firefox-cliqz/
User avatar
Spearmint2
Level 16
Level 16
Posts: 6893
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: How to update your kernel for Meltdown

Post by Spearmint2 »

Have you done the simplest which is go into about:config and changing settings you don't want in there. You can find a lot of dom stuff there too. Search o nthings like telemetry, onboard, video, http, newtab, and so forth.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
davester
Level 1
Level 1
Posts: 9
Joined: Fri Jan 12, 2018 8:15 am

Re: How to update your kernel for Meltdown

Post by davester »

im a total newbie... there is a nice gui for the kernels... called UKUU
its a kernel update utility with a gui, very handy for beginners.
it also has newer kernels wich are not availible throught the package manager if u dont install them through the bash..
this programm works like a charm...
im on 4.14.13 now..

http://www.teejeetech.in/p/ukuu-kernel- ... ility.html

(sorry if somebody already mentioned it, i didnt read through all posts)
greetz
Last edited by davester on Sat Jan 13, 2018 8:21 am, edited 2 times in total.
Fr@nK
Level 1
Level 1
Posts: 30
Joined: Mon Nov 30, 2015 11:36 am

Re: How to update your kernel for Meltdown

Post by Fr@nK »

Thanks Xenoppek for the tuto and advices.
I'm running LM18.3 with i5-4460 CPU and my actual kernel is 4.10.0-42.
I was waiting few days before to upgrade.
So, before to do that, I would like to be sure of the procedure.
I was heard that the intel-microcode should be upgraded before. Do you confirm ?
After that, I should upgrade the kernel to 4.13.0-26-29 using update manger then reboot. Right ?
Then, if things are OK, I will have to delete older kernel's, eventually keeping 4.4.0-109 if issues raise. Is it still OK ?
If not, the procedure consists of booting with the 2nd line in grub choosing a previous kernel. Still right ?

Thanks in advance for confirmation.

Cheers

P.S. English is not my native language, so my apologizes for mistakes.
User avatar
Moem
Level 20
Level 20
Posts: 11781
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: How to update your kernel for Meltdown

Post by Moem »

davester wrote:im a total newbie... there is a nice gui for the kernels... called UKUU
its a kernel update utility with a gui, very handy for beginners.
it also has newer kernels wich are not availible throught the package manager if u dont install them manual..
Please keep in mind that these are not guaranteed to work with Mint. There's usually a reason why they're not available through the Mint tools.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
davester
Level 1
Level 1
Posts: 9
Joined: Fri Jan 12, 2018 8:15 am

Re: How to update your kernel for Meltdown

Post by davester »

Moem wrote: Please keep in mind that these are not guaranteed to work with Mint. There's usually a reason why they're not available through the Mint tools.
LOL i personally think NOTHING is guaranteed to work if u play with the kernels yourself :D

im not sure but they are third party why should they be availible inside of the mint basic tools?
it says clear it is for Ubuntu-based Distributions (Ubuntu, Linux Mint, etc)

they worked perfect for me and a ton of other users on 4.14.
if the kernels werent for mint they shouldnt work at all i think.

like i said i had no problems so far and im on 4.14.14 at the moment.
there are also several linux mint blogs where users are using this tool without any problems on MINT.

i suggest u try it out yourself, if the kernel dont work (wich i dont think) u can always deinstall it and use the grub to go back to the kernel u was before..
Cosmo.
Level 23
Level 23
Posts: 17817
Joined: Sat Dec 06, 2014 7:34 am

Re: How to update your kernel for Meltdown

Post by Cosmo. »

i know another "nice gui for the kernels", it is called Update Manager -> Linux Kernels. It is already installed on every Mint system.
User avatar
Termy
Level 5
Level 5
Posts: 776
Joined: Mon Sep 04, 2017 8:49 pm
Location: UK
Contact:

Re: How to update your kernel for Meltdown

Post by Termy »

Yeah, for Linux Mint, I have to agree that using mintupdate for kernel changes is best, if you don't wind up using the terminal. That other program sounds handy for other distributions, however.
Here to help.

I'm LearnLinux (LL) on YouTube: https://www.youtube.com/channel/UCfp-lN ... naEE6NtDSg
I'm also terminalforlife (TFL) on GitHub: https://github.com/terminalforlife
User avatar
I2k4
Level 5
Level 5
Posts: 677
Joined: Thu Feb 02, 2012 8:33 pm

Re: How to update your kernel for Meltdown

Post by I2k4 »

As a quarter-century Windows user and Ubuntu / Mint user since 10.04 LTS, I haven't seen any security issue like this one, ever. There are no reported exploits. The vulnerability is recently discovered, goes to the very foundation of how hardware chips are designed, and the patches are of doubtful quality. The developers themselves all repeatedly refer to the possibility that current performance impacts are likely, and are likely to be resolved in future improvements - both to the patches and eventually to new hardware chips.

My suspicion is that on my machines the OS patch "cures" being released have a very high probability of damaging their performance, while the exploit "disease" still has a microscopic probability of affecting me at all. That of course might change any day now, as some global villain exploits unpatched PCs, and we get something like WannaCry affecting thousands - I took that seriously. On a similarly credible threat, I'll reconsider what I'm doing now. But it hasn't happened yet, and in the meantime I've made my mind up to disable both Windows and Mint Linux updates to the OS. (I've updated browsers and other related software as released.)

Obviously it's a situation worth attention, but not worth jumping at a media-driven hair-on-fire "emergency" that just isn't. (For a little grim humor, I'd compare this to an asymptomatic prostate diagnosis: "watchful waiting" rather than an intrusive surgery with serious risk of side effects.)
TRUST BUT VERIFY any advice from anybody, including me. Mint/Ubuntu user since 10.04 LTS. LM20 64 bit XFCE (Dell 1520). Dual booting LM20 XFCE / Win7 (Lenovo desktop and Acer netbook).
Post Reply

Return to “Newbie Questions”