Solution and Patch for Meltdown Spectre CPU Vulnerability

A very serious security problem has been found and patched in the Linux kernel. It was announced on 3rd January 2018. Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Learn more how this Solution and Patch for Meltdown Spectre CPU Vulnerability.

We need to update fixes to mitigate all 3 variants CVE-2017-5753 (variant 1), CVE-2017-5715 (variant 2), and CVE-2017-5754 (variant 3) on your machine.

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)

A list of affected Linux distro by Spectre Vulnerabilities.

Red Hat Enterprise Linux 5 (including clones such as CentOS/Oracle/Scientific Linux 5)
Red Hat Enterprise Linux 6 (including clones such as CentOS/Oracle/Scientific Linux 6)
Red Hat Enterprise Linux 7 (including clones such as CentOS/Oracle/Scientific Linux 7)
RHEV-M 4.0
RHEV-M for Servers
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Red Hat Enterprise MRG 2
Red Hat OpenStack Platform v 8/9/10/11/12
Debian Linux wheezy
Debian Linux jessie
Debian Linux stretch
Deiban Linux buster, sid
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE OpenStack Cloud 6
Openstack Cloud Magnum Orchestration 7
SUSE Container as a Service Platform ALL
SUSE Linux Enterprise High Availability 12 SP2/SP3
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Software Development Kit 11/12 SP3/SP4
SUSE Linux Enterprise for SAP 12 SP1
SUSE Linux Enterprise 11
SUSE Linux Enterprise 12
OpenSuse Linux based upon SUSE 12/11
Fedora Linux 26
Fedora Linux 27
Amazon Linux AMI (Bulletin ID: ALAS-2018-939)

meltdown and spectre Vulnerability

How to fix Meltdown Spectre CPU Vulnerability on CentOS/RHEL/Fedora/Oracle

run yum update command, Note: This will upgrade your OS version

# sudo uname -r
3.10.0-327.10.1.el7.x86_64

# sudo yum update -y
# sudo reboot

Once rebooted, verify your kernel version

# sudo uname -r
3.10.0-693.21.1.el7.x86_64

Use below command to verify the patchs in kernel.

# rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'

 

The solution for the Meltdown and Spectre Vulnerability on a Debian/Ubuntu Linux

# sudo apt-get update
# sudo apt-get dist-upgrade
# sudo reboot

 

The solution for the Meltdown and Spectre Vulnerability on Amazon Linux running on AWS

run yum command:
# yum update kernel
# reboot

 

The solution for the Meltdown and Spectre Vulnerability on Arch Linux

run pacman command:
# pacman -Syu
# reboot

 

The solution for the Meltdown and Spectre Vulnerability on Suse Enterprise Linux Server 12-SP3

Execute the zypper command:
# zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-12=1
### [ To bring your system up-to-date ] ###
# zypper patch
# reboot

 

How to patch Meltdown and Spectre Vulnerability in existing OS version.

 

Upgrade kernel version on CentOS 7.2. First, check the kernel dependencies and update it.

Example

[root@localhost ~]# rpm -ivh kernel-3.10.0-693.21.1.el7.x86_64.rpm
error: Failed dependencies:
dracut >= 033-502 is needed by kernel-3.10.0-693.21.1.el7.x86_64
linux-firmware >= 20170606-55 is needed by kernel-3.10.0-693.21.1.el7.x86_64
xfsprogs < 4.3.0 conflicts with kernel-3.10.0-693.21.1.el7.x86_64
kmod < 20-9 conflicts with kernel-3.10.0-693.21.1.el7.x86_64
kexec-tools < 2.0.14-3 conflicts with kernel-3.10.0-693.21.1.el7.x86_64

Solution

[root@localhost ~]# yum update dracut linux-firmware xfsprogs kmod kexec-tools kernel-3.10.0-693.21.1.el7.x86_64 -y
[root@localhost ~]# reboot

 

[root@localhost ~]# uname -r
3.10.0-693.21.1.el7.x86_64

 

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

Upgrade kernel version on CentOS 7.3. First, check the kernel dependencies and update it.

[root@localhost ~]# rpm -ivh kernel-3.10.0-693.21.1.el7.x86_64.rpm
error: Failed dependencies:
dracut >= 033-502 is needed by kernel-3.10.0-693.21.1.el7.x86_64
linux-firmware >= 20170606-55 is needed by kernel-3.10.0-693.21.1.el7.x86_64
kexec-tools < 2.0.14-3 conflicts with kernel-3.10.0-693.21.1.el7.x86_64

[root@localhost ~]# yum update dracut linux-firmware kexec-tools kernel-3.10.0-693.21.1.el7.x86_64 -y
[root@localhost ~]# reboot

 

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)

 

[root@localhost ~]# uname -r
3.10.0-693.21.1.el7.x86_64

 

You can verify the Meltdown security bug patch in kernel.

[root@localhost ~]# rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'