How to fix vulnerabilities related to Spectre and Meltdown bugs in Ubuntu? [duplicate]

Question

I just learned about Meltdown and Spectre bugs. I read that:

There are patches against Meltdown for Linux (KPTI (formerly KAISER)), Windows, and OS X.

Following the link in the quote I get to an article which is too obscure for me to understand. Still, it says:

The resulting patch set (still called "KAISER") is in its third revision and seems likely to find its way upstream in a relatively short period of time.

Following again the link in the above quote I get into a page, updated the 10th of Novermber of 2017, where I read the following:

KAISER makes it harder to defeat KASLR, but makes syscalls and interrupts slower. These patches are based on work from a team at Graz University of Technology posted here[1]. The major addition is support for Intel PCIDs which builds on top of Andy Lutomorski's PCID work merged for 4.14. PCIDs make KAISER's overhead very reasonable for a wide variety of use cases.

The above page also links to the code of the fix (?), here, where I can also see kernel 4.14.

From this I conclude that the fix is available only for kernels 4.14 (and above?). However, all currently supported versions of Ubuntu use a lower kernel.

The latest Ubuntu (17.10) uses kernel 4.13. The latest LTS Ubuntu (16.04) uses 4.4.

Does this mean that the fix for such bug is not available for Ubuntu? It seems that Ubuntu 18.04 will be based on kernel 4.15, but this is still not released.

Notice also that the fix seems to refer only to Meltdown and not to Spectre. This would mean that there is currently no fix for such bug anywhere.

Answer 1

Does this mean that the fix for such bug is not available for Ubuntu?

The fix is not available in the Ubuntu repos yet. You can check this page to see the status. The page is updated by the Ubuntu security team. It's about both vulnerabilities, contains links to the various CVEs.

Answer 2

Updates are available now !

• 2017 Nov 09: the Ubuntu Security team is notified by Intel under NDA
• 2018 Jan 03: issue becomes public a few days before the CRD
• 2018 Jan 09: Ubuntu kernel updates available (for patching Meltdown) for Ubuntu 16.04 LTS, Ubuntu 17.10, Ubuntu 14.04 LTS (HWE) and Ubuntu 14.04 LTS.
• 2018 Jan 10: Cloud images are available (for patching Meltdown) from http://cloud-images.ubuntu.com:
• <TBD>: Core image updates

---

Source : Ubuntu Wiki & Blog post

Answer 3

As previously stated, as of now (January 4, 2018) there are no official fixes available for Ubuntu, what you can do though is to update your kernel to the latest release manually. Keep in mind that updating the kernel will only fix Meltdown, since there's no known fix for Spectre yet. The latest kernel stable is 4.14.11, you can download the compiled files from the Kernel PPA here: http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.14.11/

If your system is 32-bit you'll want these files:

linux-headers-4.14.11-041411_4.14.11-041411.201801022143_all.deb

linux-headers-4.14.11-041411-generic_4.14.11-041411.201801022143_i386.deb

linux-image-4.14.11-041411-generic_4.14.11-041411.201801022143_i386.deb

If your system is 64-bit you'll want these files:

linux-headers-4.14.11-041411_4.14.11-041411.201801022143_all.deb

linux-headers-4.14.11-041411-generic_4.14.11-041411.201801022143_amd64.deb

linux-image-4.14.11-041411-generic_4.14.11-041411.201801022143_amd64.deb

Just download the three for your system, put them in a folder and do sudo dpkg -i *.deb, then reboot your PC.

Another thing you could consider (which is what I do), you can try using a rolling release distro. Antergos (https://antergos.com/) is great because it allows you to use pretty much any desktop environment with no setup (except for Unity) and it's Arch Linux based.