Patching Meltdown on Debian

Patching Meltdown on Debian

This is not relevant to classic miniserver products for more information read here.

Check if the patch has been applied and booted already:

Run this command :

grep "Kernel/User page tables isolation: enabled" /var/log/kern.log

Look for output similar to this line:

[    0.000000] Kernel/User page tables isolation: enabled

"enabled" means that your kernel has been patched and is no longer vulnerable to Meltdown.

To double-check, ensure the kernel version shown with uname -a matches one of the patched kernels detailed below.

If you do not see the line after running the grep command, or your running kernel does not match the list below, perform the following steps to update manually:

Apply patches

Update the package lists:

sudo apt-get update

Install the latest kernel and intel-microcode packages:

sudo apt-get install linux-image-amd64 intel-microcode

Reboot the server:

sudo shutdown -r now

After boot run:

grep "Kernel/User page tables isolation: enabled" /var/log/kern.log

Look for output similar to this line:

"[    0.000000] Kernel/User page tables isolation: enabled"

To double-check, ensure the kernel version shown with uname -a matches one of the patched kernels below.

  • Wheezy
    • 3.2.96-3
  • Jessie
    • 3.16.51-3+deb8u1
  • Stretch
    • 4.9.65-3+deb9u2

Last updated 31 January 2018, 11:24 GMT