Secure Linux Mint Against Meltdown and Spectre Vulnerabilities

These days, everyone knows about the Meltdown and Spectre flaws, which affect all modern CPUs, including all Intel CPUs from the past decade and, in the case of Spectre, certain ARM64 and AMD CPUs. The team behind the Linux Mint project is warning users and giving useful recommendations on how to secure your Linux Mint machine.

If you are not aware of the Meltdown and Spectre vulnerabilities, we have covered them in detail in these two articles:

In short, both Meltdown and Spectre vulnerabilities allow a process to read the private data of any other process, even from outside a virtual machine. This is possible due to Intel's implementation of how their CPUs prefetch data. This cannot be fixed by patching the OS only. The fix involves updating the OS kernel, as well as a CPU microcode update and possibly even a UEFI/BIOS/firmware update for some devices, to fully mitigate the exploits.

The main recommendation, as expected, is to install all updates available for the OS.

Browsers

Updates include the recently released Firefox 57.0.4. This version of the browser has extra protection against the mentioned threats. Both attacks rely on precise timing, so disabling or reducing the precision of several time sources in Firefox helps. Refer to the following article: Firefox 57.0.4 released with Meltdown and Spectre attack workaround.

Note: If you are a Chromium/Google Chrome user, the fix for your browser is expected in the upcoming version 64. Currently, you can quickly secure the browser by enabling the Full Site Isolation feature. See the article Secure Google Chrome against Meltdown and Spectre vulnerabilities.

The Opera browser has the same Full Site Isolation feature. Type the address opera://flags/?search=enable-site-per-process in the address bar and enable the flag to protect yourself against the vulnerabilities.

Drivers

The second suggestion for Linux Mint users is to install NVIDIA drivers version 384.111 if you are using the proprietary drivers. In Linux Mint 17.x and 18.x, this update is available in the Update Manager. Linux Mint Debian Edition users can download the drivers from the NVIDIA Website.

Linux Kernel

The team is working to release an updated kernel for Linux Mint 18.x and Linux Mint 17.x. As of this writing, only the Debian edition of the OS has received the updated kernel, which is 3.16.51-3+deb8u1.

Generally, if you install all the available updates as soon as they become available, then you are protected. Since these vulnerabilities can be exploited using just JavaScript in the browser, consider avoiding untrusted websites or keeping JavaScript disabled or whitelisted using add-ons like NoScript for Firefox or ScriptBlock for Google Chrome/Chromium-based browsers.
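
The checks recommended above can be scripted. The following is an added example, not part of the original article: it compares the installed Firefox and NVIDIA driver versions with the minimums named here (57.0.4 and 384.111) and prints the kernel's own mitigation report from /sys/devices/system/cpu/vulnerabilities, a sysfs interface this article does not mention and that only kernels carrying the fixes provide. The function names and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): audit a Mint machine against the
# minimum versions the article names. Helper names are assumptions.

# version_ge A B: true when A >= B in version order (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# first_version TEXT: first dotted version number found in TEXT.
first_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# check_min NAME INSTALLED MINIMUM: 0 = ok, 1 = too old, 2 = not found.
check_min() {
    if [ -z "$2" ]; then
        echo "$1: not detected"; return 2
    elif version_ge "$2" "$3"; then
        echo "$1: $2 (>= $3) ok"; return 0
    fi
    echo "$1: $2 is older than $3, update needed"; return 1
}

# mitigation_status [DIR]: print what the kernel reports; 1 if any entry
# starts with "Vulnerable", 2 if this kernel lacks the sysfs interface.
mitigation_status() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "kernel reports no mitigation status"; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        echo "${f##*/}: $status"
        case $status in Vulnerable*) rc=1 ;; esac
    done
    return "$rc"
}

audit() {
    check_min Firefox "$(first_version "$(firefox --version 2>/dev/null)")" 57.0.4
    # /proc/driver/nvidia/version exists only while the proprietary module is loaded.
    check_min NVIDIA "$(first_version "$(cat /proc/driver/nvidia/version 2>/dev/null)")" 384.111
    echo "kernel: $(uname -r)"
    mitigation_status
}

# Run the audit only when asked, e.g.: sh mint-audit.sh audit
if [ "${1:-}" = "audit" ]; then audit; fi
```

Versions go through `sort -V` because a plain string comparison would rank 384.98 above 384.111.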

That's it.

3 thoughts on “Secure Linux Mint Against Meltdown and Spectre Vulnerabilities”

  1. Alex

    You just mentioned “Linux kernel” twice..

  2. Toshik

    Remove duplicate Drivers and Linux Kernel sections.

  3. Sergey Tkachenko Post author

    Thanks guys, fixed!

