Patching Meltdown on Ubuntu

Patching Meltdown on Ubuntu

This is not relevant to classic miniserver products for more information read here.

Check if the patch has been applied and booted already:

Run this command :

grep -i isolation /var/log/kern.log

Look for output similar to this line:

[    0.000000] !Kernel/User page tables isolation: enabled

"enabled" means that your kernel has been patched and is no longer vulnerable to meltdown.

To double-check, ensure the kernel version shown with uname -a matches one of the patched kernels detailed below.

If you do not see the line after running the grep command, or your running kernel does not match the list below, perform the following steps to update manually:

Apply patches

Update the package lists:

sudo apt-get update

Install the latest kernel and intel-microcode packages:

sudo apt-get install linux-generic intel-microcode

Reboot the server:

sudo shutdown -r now

After boot run:

dmesg | grep "Kernel/User page tables isolation: enabled"

Look for output similar to this line:

"[    0.000000] !Kernel/User page tables isolation: enabled"

To double-check, ensure the kernel version shown with uname -a matches or is greater than one of the patched kernels below.

  • Trusty
    • linux-image-generic 3.13.0.139.148
    • linux-image-3.13.0-139-lowlatency 3.13.0-139.188
    • linux-image-lowlatency 3.13.0.139.148
    • linux-image-3.13.0-139-generic 3.13.0-139.188
  • Xenial
    • linux-image-4.4.0-108-lowlatency 4.4.0-108.131
    • linux-image-4.4.0-108-generic 4.4.0-108.131
    • linux-image-generic 4.4.0.108.113
    • linux-image-lowlatency 4.4.0.108.113

Last updated 31 January 2018, 11:25 GMT