Current status of Spectre/Meltdown on Ubuntu 17.10

  • 19 January 2018
  • charm

Linux Chef/Author Marcel Gagne posted a link to a Spectre/Meltdown tool recently on Twitter: https://twitter.com/wftl/status/954004068292165632. I tested one of the systems I use and despite the fact that it's running the latest (but not bleeding edge) Ubuntu 17.10 the kernel appears to venerable to at least 2 of the 3 vulnerabilities (both Spectre-related). I looked around for how to patch the kernel, found one site in particular with the words "patch," "Ubuntu 17.10" and "Spectre/Meltdown," but after completing all the steps it didn't resolve the two Spectre issues. At first I thought I might have skipped a step (in truth I did all the steps long before the article, but I redid the steps anyway) and then I noticed near the bottom of the article that Canonical apparently hasn't resolved the two issues yet.

I also tried upgrading to a more bleeding edge kernel, but I ended up with an un-bootable system, so I reverted back to the old (4.13.0-25-generic) kernel.

Softpedia had an article that indicated some patches were made to Firefox version 57.0.4 to help mitigate the Spectre problem. The system I ran the spectre checker on happens to run Firefox 57.0.4. So, although the kernel is still susceptible to attack, Firefox is at least helping mitigate the attacks until a more complete solution can be found.

During the process I also talked with one of our volunteers in Computer Recycling who mentioned that the Linux Mint web site has quite good information about Spectre/Meltdown as they relate to Mint. The Linux Mint team appears to have already patched the issue in the kernel, and they've also outlined Firefox, Chrome, Opera, and NVidia patches.

Add new comment