ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

[ArtGirl]

I just installed 4.4.0-108, and the system is fine. Is this the actual patched version?, as I can see 4.4.110 on https://www.kernel.org/. I'm running 4.13, so the 4.4.0-108 isn't active? Thanks.

[JeremyB]

Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one

[ArtGirl]

Artgirl, you need to use grub menu at boot, select advanced options, then scroll down to the 4.4.0-108 kernel to boot into it
That is the patched one

Thanks, JeremyB. Much appreciate.
EDIT: Krita's running just the same as when unpatched, on the patched 4.4.

[Laurent85]

You can also check dmesg output for kpti status (kernel page table isolation) which fixes variant #3 Meltdown vulnerabilty:

Code: Select all

dmesg | grep isolation
[    0.000000] Kernel/User page tables isolation: enabled

[ArtGirl]

I've just installed 4.13.0-25 and the system is running perfectly (Krita, Wine/games incl large games, etc)! Thanks so much to everyone involved. Off to donate.

[smurphos]

For anyone on 4.10 please be aware that Update Manager is not picking up the patched 4.13.0-25.29~16.04.2 as a recommended security update as might be expected. It is there and can be manually installed from the kernel section of Update Manager.

I don't think this is a fault in Update Manager - this kernel is still flagged by Ubuntu devs as HWE-Edge for 16.04 and not HWE which I think prevents Update Manager recommending it.

[michael louwe]

https://access.redhat.com/articles/3311301 (how to use the Terminal to disable the KPTI/Meltdown and Spectre patches, if needed)

https://www.theregister.co.uk/2018/01/0 ... _problems/ (dated 8 Jan 2018 - more problems from the Windows Meltdown patch)

[michael louwe]

As per https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown (up to 9 Jan 2018), the KPTI/Meltdown patch has been released for Ubuntu and Ubuntu-based distros and is in Linux kernel 3.13.139, 4.4.108 and 4.13.25.
... Bear in mind that these kernels from Canonical-Ubuntu are different from those KPTI-patched kernels in kernel.org, even if they have the same numbering.

What about the BIOS/firmware/microcode updates to patch for the Spectre bug.? Do we get them from the OEMs or from Update/Driver Manager.?

[thx-1138]

https://downloadcenter.intel.com/downlo ... -Data-File
For those interested...

[michael louwe]

@ thx-1138, .......

https://downloadcenter.intel.com/downlo ... -Data-File
For those interested...

Thx.

From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.

[ArtGirl]

From the link, looks like, nearly all affected Intel processors up to 20+ years old can be patched for the Spectre bug through Linux.

The microcode fix is a tar.gz file = download, extract to a folder, go through the Read.me file for the installation instructions, install and reboot.

Eek, that's too complicated an install for me, but great that the update is available. Are there any very simple instructions, preferably with big pictures, lol? I'm thinking that with this microcode being a security update it may not be long before it's in the Drivers section?

[now3by]

Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin

[ArtGirl]

Old Intel CPU are not yet updated for Spectre & Meltdown !
Latest Intel microcode 20180108 update only 8 CPUs models:

!New_cpu306E4_platED_ver0000042A_2017-12-01_PRD_9B215C1F.bin
!New_cpu706A1_plat01_ver00000022_2017-12-26_PRD_CA264967.bin
!New_cpu806EA_platC0_ver00000080_2018-01-04_PRD_F6263DAE.bin
!New_cpu906EA_plat22_ver00000080_2018-01-04_PRD_84CABC68.bin
!New_cpu906EB_plat02_ver00000080_2018-01-04_PRD_D24EDB7F.bin
!New_cpu50654_platB7_ver0200003C_2017-12-08_PRD_A4059069.bin
!New_cpu50662_plat10_ver00000014_2017-12-16_PRD_9161527A.bin
!New_cpu50663_plat10_ver07000011_2017-12-16_PRD_B17C1102.bin

There's a huge list that can be seen by following the link 3 posts above; I know, as I had to copy/paste them all into a text file to be able to search, with there being so many. Easier to search for your system that way ... look at System Settings/System Info first, loading it up into browser (github page).

[now3by]

That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !

[michael louwe]

@ Artgirl, .......

...

Ensure that your Intel processor is covered by the microcode fix from Intel.
.
For an example of the GUI steps for a tar.gz file, please refer to ... https://askubuntu.com/questions/713734/ ... untu-14-04

Normally, you just need to double-click on the appropriate installation files to run them. In the above link, I think step 5 onwards are for a non-normal install in non-mainstream Linux distros.

[michael louwe]

@ now3by, .......

...

.
These links ... https://news.ycombinator.com/item?id=16111433 and https://bugs.launchpad.net/ubuntu/+sour ... ug/1742364
confirm that the latest Intel microcode 20180108(courtesy of thx-1138) is for the Spectre bug and applies to nearly all Intel processors.

[now3by]

I tested myself few old CPUs in hw I have here: N3530, I5-520M, I5-3470, E8400, E8500, Q6600 with latest Intel microcode-20180108 and they have no new microcode update since microcode-20171117 and previous.
Tested new I5-7400 CPU and it have a microcode update.

Test yourself and let us know for what CPU you found microcode update that patch Spectre...

[michael louwe]

@ now3by, .......

...

.
According to this link ... https://downloadcenter.intel.com/produc ... 3-MHz-FSB- , the latest Intel microcode 20180108 can be applied to the Intel E8400 processors.

LM users may download the microcode tar.gz file, extract it, read the Release notes for installation instructions, install it through the Terminal and reboot.
... Or they can wait for the Intel microcode 20180108 update to appear in Driver Manager = easier to install.

[now3by]

That list show all CPU that have microcode update since they are released from factory with the default microcode included and not CPU that have microcode update for Spectre and Meltdown flaws !

It will take a log time to update all Intel CPUs for this Spectre & Meltdown flaw !

why don't you compare microcode-20180108 and microcode-20171117 to see that only few files are updated ?

[kitaubila]

I'm completely lost with all this spectre/meltdown issue and the list of updates/patches that never ends .
Also I'm a complete LM newbie . Can anyone explain what I should install or keep my eye out for these 2 systems.
I have 2 LMs in my VirtualBox:

RELEASE=17.3
CODENAME=rosa
EDITION="MATE 64-bit"
kernel:
3.19.0-32-generic #37~14.04.1-Ubuntu SMP

and

RELEASE=18.2
CODENAME=sonya
EDITION="Xfce 64-bit"
kernel:
4.10.0-32-generic #36~16.04.1-Ubuntu SMP


P.S. what is this microcode now? is this something like .inf (driver) in Win? So I need this in LM together with new kernel when they appear?
Is there any way to patch FireFox v56 for spectre/meltdown cos I really hate v57 and the thing that I can't use half of my add-ons .

thanks