Ubuntu and Spectre Meltdown

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I have installed the latest BIOS on my notebook. The manufacturer of the notebook states that the BIOS update will include corrections regarding Spectre/Meltdown vulnerabilities.



My question is:

What microcode does Ubuntu 14.04 LTS use?

Does it load the microcode from BIOS or does it load the microcode from the system files on the HD?

When it uses the microcode from the HD, I am afraid it could be an older version which is not Spectre/Meltdown proof.



My subsequent question is:

How to check which microcode is loaded and used by the system and how to check which one is a newer version?










share|improve this question









New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 1




    Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
    – user535733
    2 hours ago







  • 2




    Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
    – N0rbert
    2 hours ago










  • I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
    – Chai T. Rex
    2 hours ago











  • @N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
    – Chai T. Rex
    2 hours ago














up vote
2
down vote

favorite












I have installed the latest BIOS on my notebook. The manufacturer of the notebook states that the BIOS update will include corrections regarding Spectre/Meltdown vulnerabilities.



My question is:

What microcode does Ubuntu 14.04 LTS use?

Does it load the microcode from BIOS or does it load the microcode from the system files on the HD?

When it uses the microcode from the HD, I am afraid it could be an older version which is not Spectre/Meltdown proof.



My subsequent question is:

How to check which microcode is loaded and used by the system and how to check which one is a newer version?










share|improve this question









New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 1




    Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
    – user535733
    2 hours ago







  • 2




    Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
    – N0rbert
    2 hours ago










  • I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
    – Chai T. Rex
    2 hours ago











  • @N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
    – Chai T. Rex
    2 hours ago












up vote
2
down vote

favorite









up vote
2
down vote

favorite











I have installed the latest BIOS on my notebook. The manufacturer of the notebook states that the BIOS update will include corrections regarding Spectre/Meltdown vulnerabilities.



My question is:

What microcode does Ubuntu 14.04 LTS use?

Does it load the microcode from BIOS or does it load the microcode from the system files on the HD?

When it uses the microcode from the HD, I am afraid it could be an older version which is not Spectre/Meltdown proof.



My subsequent question is:

How to check which microcode is loaded and used by the system and how to check which one is a newer version?










share|improve this question









New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I have installed the latest BIOS on my notebook. The manufacturer of the notebook states that the BIOS update will include corrections regarding Spectre/Meltdown vulnerabilities.



My question is:

What microcode does Ubuntu 14.04 LTS use?

Does it load the microcode from BIOS or does it load the microcode from the system files on the HD?

When it uses the microcode from the HD, I am afraid it could be an older version which is not Spectre/Meltdown proof.



My subsequent question is:

How to check which microcode is loaded and used by the system and how to check which one is a newer version?







security bios microcode






share|improve this question









New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 2 hours ago









zx485

1,1321014




1,1321014






New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 2 hours ago









Barbara

111




111




New contributor




Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Barbara is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 1




    Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
    – user535733
    2 hours ago







  • 2




    Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
    – N0rbert
    2 hours ago










  • I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
    – Chai T. Rex
    2 hours ago











  • @N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
    – Chai T. Rex
    2 hours ago












  • 1




    Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
    – user535733
    2 hours ago







  • 2




    Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
    – N0rbert
    2 hours ago










  • I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
    – Chai T. Rex
    2 hours ago











  • @N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
    – Chai T. Rex
    2 hours ago







1




1




Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
– user535733
2 hours ago





Are you regularly upgrading from the -security repository? If so, then you have all released patches for Spectre/Meltdown. The Ubuntu Security Team is quite prompt about pushing those patches out to all supported released of Ubuntu. If you are not regularly upgrading from the -security repository, then begin doing so, of course.
– user535733
2 hours ago





2




2




Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
– N0rbert
2 hours ago




Possible duplicate of What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
– N0rbert
2 hours ago












I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
– Chai T. Rex
2 hours ago





I think that the BIOS loads its modifications first since it runs first and then the OS loads its modifications. I assume there's some versioning or something that tells it which takes priority.
– Chai T. Rex
2 hours ago













@N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
– Chai T. Rex
2 hours ago




@N0rbert I don't think that's a duplicate. That's more about whether and how far along Ubuntu is in solving the problem and won't answer at all what the situation is when both BIOS and Ubuntu try to solve the problem.
– Chai T. Rex
2 hours ago










2 Answers
2






active

oldest

votes

















up vote
2
down vote













The answer is:

It first loads the Microcode from the BIOS and then, while loading the OS, the newest Microcode is loaded again by the OS. Both are signed binary files which are supposedly impossible to tamper.



So if the version of the BIOS/UEFI is older than the version provided to the Operating System, the MicroCode is loaded/updated by the OS via a system update. Otherwise the BIOS/UEFI version is used.



The Operating System does load microcode during the booting process as mentioned in this WiKi:




The CPU-vendor-provided "opaque" update data itself, however, is non-free, and its contents are unknown to Debian. This "opaque" data is sent as-is to the CPU for processing, but only when the kernel and user-space utilities deem it necessary to do so. This means the microcode update is not sent to the system processor unless it is actually needed.



For example, the system will never send microcode update data to the processor when the processor reports that its already running either the same version or a newer version of the microcode (because the UEFI/BIOS already updated it). It will also not send microcode update data that is not appropriate to that system processor.







share|improve this answer






















  • What happens if there are conflicts (older vs newer versions of a fix, for example)?
    – Chai T. Rex
    2 hours ago











  • I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
    – zx485
    2 hours ago










  • OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
    – Barbara
    1 hour ago











  • @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
    – zx485
    1 hour ago







  • 1




    @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
    – zx485
    1 hour ago


















up vote
1
down vote













Ubuntu does not use microcode (in the sense you are talking about) at all. Your CPU, however, does use microcode -- that is the code it needs to function.



Ubuntu provides amd- and intel-microcode packages, which provide updated firmware for that hardware. These packages are fully updated with all Spectre/Meltdown patches in all supported releases of Ubuntu.



Ongoing patches for vulnerabilities are handled by the Ubuntu Security Team. It's a normal part of support in a supported release of Ubuntu. You receive those patches routinely when you upgrade from Ubuntu's -security repository.



If you have questions about specific vulnerabilities, feel free to search the database of vulnerabilities and patches.



Determine which version of firmware your CPU is using with grep microcode /proc/cpuinfo



Finally, be aware that version numbers can misleading when checking for vulnerabilities: A patched package may not have a higher upstream version number (since it's not a new upstream version), but is still fixed and tested and no longer vulnerable. In these cases, Debian and Ubuntu add their own supplementary version numbers so you can tell the difference.






share|improve this answer






















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "89"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    Barbara is a new contributor. Be nice, and check out our Code of Conduct.









     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1083993%2fubuntu-and-spectre-meltdown%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote













    The answer is:

    It first loads the Microcode from the BIOS and then, while loading the OS, the newest Microcode is loaded again by the OS. Both are signed binary files which are supposedly impossible to tamper.



    So if the version of the BIOS/UEFI is older than the version provided to the Operating System, the MicroCode is loaded/updated by the OS via a system update. Otherwise the BIOS/UEFI version is used.



    The Operating System does load microcode during the booting process as mentioned in this WiKi:




    The CPU-vendor-provided "opaque" update data itself, however, is non-free, and its contents are unknown to Debian. This "opaque" data is sent as-is to the CPU for processing, but only when the kernel and user-space utilities deem it necessary to do so. This means the microcode update is not sent to the system processor unless it is actually needed.



    For example, the system will never send microcode update data to the processor when the processor reports that its already running either the same version or a newer version of the microcode (because the UEFI/BIOS already updated it). It will also not send microcode update data that is not appropriate to that system processor.







    share|improve this answer






















    • What happens if there are conflicts (older vs newer versions of a fix, for example)?
      – Chai T. Rex
      2 hours ago











    • I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
      – zx485
      2 hours ago










    • OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
      – Barbara
      1 hour ago











    • @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
      – zx485
      1 hour ago







    • 1




      @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
      – zx485
      1 hour ago















    up vote
    2
    down vote













    The answer is:

    It first loads the Microcode from the BIOS and then, while loading the OS, the newest Microcode is loaded again by the OS. Both are signed binary files which are supposedly impossible to tamper.



    So if the version of the BIOS/UEFI is older than the version provided to the Operating System, the MicroCode is loaded/updated by the OS via a system update. Otherwise the BIOS/UEFI version is used.



    The Operating System does load microcode during the booting process as mentioned in this WiKi:




    The CPU-vendor-provided "opaque" update data itself, however, is non-free, and its contents are unknown to Debian. This "opaque" data is sent as-is to the CPU for processing, but only when the kernel and user-space utilities deem it necessary to do so. This means the microcode update is not sent to the system processor unless it is actually needed.



    For example, the system will never send microcode update data to the processor when the processor reports that its already running either the same version or a newer version of the microcode (because the UEFI/BIOS already updated it). It will also not send microcode update data that is not appropriate to that system processor.







    share|improve this answer






















    • What happens if there are conflicts (older vs newer versions of a fix, for example)?
      – Chai T. Rex
      2 hours ago











    • I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
      – zx485
      2 hours ago










    • OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
      – Barbara
      1 hour ago











    • @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
      – zx485
      1 hour ago







    • 1




      @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
      – zx485
      1 hour ago













    up vote
    2
    down vote










    up vote
    2
    down vote









    The answer is:

    It first loads the Microcode from the BIOS and then, while loading the OS, the newest Microcode is loaded again by the OS. Both are signed binary files which are supposedly impossible to tamper.



    So if the version of the BIOS/UEFI is older than the version provided to the Operating System, the MicroCode is loaded/updated by the OS via a system update. Otherwise the BIOS/UEFI version is used.



    The Operating System does load microcode during the booting process as mentioned in this WiKi:




    The CPU-vendor-provided "opaque" update data itself, however, is non-free, and its contents are unknown to Debian. This "opaque" data is sent as-is to the CPU for processing, but only when the kernel and user-space utilities deem it necessary to do so. This means the microcode update is not sent to the system processor unless it is actually needed.



    For example, the system will never send microcode update data to the processor when the processor reports that its already running either the same version or a newer version of the microcode (because the UEFI/BIOS already updated it). It will also not send microcode update data that is not appropriate to that system processor.







    share|improve this answer














    The answer is:

    It first loads the Microcode from the BIOS and then, while loading the OS, the newest Microcode is loaded again by the OS. Both are signed binary files which are supposedly impossible to tamper.



    So if the version of the BIOS/UEFI is older than the version provided to the Operating System, the MicroCode is loaded/updated by the OS via a system update. Otherwise the BIOS/UEFI version is used.



    The Operating System does load microcode during the booting process as mentioned in this WiKi:




    The CPU-vendor-provided "opaque" update data itself, however, is non-free, and its contents are unknown to Debian. This "opaque" data is sent as-is to the CPU for processing, but only when the kernel and user-space utilities deem it necessary to do so. This means the microcode update is not sent to the system processor unless it is actually needed.



    For example, the system will never send microcode update data to the processor when the processor reports that its already running either the same version or a newer version of the microcode (because the UEFI/BIOS already updated it). It will also not send microcode update data that is not appropriate to that system processor.








    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 1 hour ago

























    answered 2 hours ago









    zx485

    1,1321014




    1,1321014











    • What happens if there are conflicts (older vs newer versions of a fix, for example)?
      – Chai T. Rex
      2 hours ago











    • I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
      – zx485
      2 hours ago










    • OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
      – Barbara
      1 hour ago











    • @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
      – zx485
      1 hour ago







    • 1




      @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
      – zx485
      1 hour ago

















    • What happens if there are conflicts (older vs newer versions of a fix, for example)?
      – Chai T. Rex
      2 hours ago











    • I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
      – zx485
      2 hours ago










    • OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
      – Barbara
      1 hour ago











    • @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
      – zx485
      1 hour ago







    • 1




      @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
      – zx485
      1 hour ago
















    What happens if there are conflicts (older vs newer versions of a fix, for example)?
    – Chai T. Rex
    2 hours ago





    What happens if there are conflicts (older vs newer versions of a fix, for example)?
    – Chai T. Rex
    2 hours ago













    I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
    – zx485
    2 hours ago




    I honestly don't know (Ask Intel), but the sane approach would be to only use the newest version.
    – zx485
    2 hours ago












    OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
    – Barbara
    1 hour ago





    OK. but is there a method to check the version of the microcode Ubuntu is loading from the OS? There is still a chance the microcode in the BIOS is newer than that of the OS if the microcode shipped by Intel is not Linux conform e.g.
    – Barbara
    1 hour ago













    @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
    – zx485
    1 hour ago





    @user535733: Ubuntu does load microcode to the processor if desired. See the edit of my answer.
    – zx485
    1 hour ago





    1




    1




    @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
    – zx485
    1 hour ago





    @user535733: To complete our discussion: there are two ways of delivering a MicroCode update: First the BIOS/UEFI, second the OS. So if the first way doesn't work, the second has to do...
    – zx485
    1 hour ago













    up vote
    1
    down vote













    Ubuntu does not use microcode (in the sense you are talking about) at all. Your CPU, however, does use microcode -- that is the code it needs to function.



    Ubuntu provides amd- and intel-microcode packages, which provide updated firmware for that hardware. These packages are fully updated with all Spectre/Meltdown patches in all supported releases of Ubuntu.



    Ongoing patches for vulnerabilities are handled by the Ubuntu Security Team. It's a normal part of support in a supported release of Ubuntu. You receive those patches routinely when you upgrade from Ubuntu's -security repository.



    If you have questions about specific vulnerabilities, feel free to search the database of vulnerabilities and patches.



    Determine which version of firmware your CPU is using with grep microcode /proc/cpuinfo



    Finally, be aware that version numbers can misleading when checking for vulnerabilities: A patched package may not have a higher upstream version number (since it's not a new upstream version), but is still fixed and tested and no longer vulnerable. In these cases, Debian and Ubuntu add their own supplementary version numbers so you can tell the difference.






    share|improve this answer


























      up vote
      1
      down vote













      Ubuntu does not use microcode (in the sense you are talking about) at all. Your CPU, however, does use microcode -- that is the code it needs to function.



      Ubuntu provides amd- and intel-microcode packages, which provide updated firmware for that hardware. These packages are fully updated with all Spectre/Meltdown patches in all supported releases of Ubuntu.



      Ongoing patches for vulnerabilities are handled by the Ubuntu Security Team. It's a normal part of support in a supported release of Ubuntu. You receive those patches routinely when you upgrade from Ubuntu's -security repository.



      If you have questions about specific vulnerabilities, feel free to search the database of vulnerabilities and patches.



      Determine which version of firmware your CPU is using with grep microcode /proc/cpuinfo



      Finally, be aware that version numbers can misleading when checking for vulnerabilities: A patched package may not have a higher upstream version number (since it's not a new upstream version), but is still fixed and tested and no longer vulnerable. In these cases, Debian and Ubuntu add their own supplementary version numbers so you can tell the difference.






      share|improve this answer
























        up vote
        1
        down vote










        up vote
        1
        down vote









        Ubuntu does not use microcode (in the sense you are talking about) at all. Your CPU, however, does use microcode -- that is the code it needs to function.



        Ubuntu provides amd- and intel-microcode packages, which provide updated firmware for that hardware. These packages are fully updated with all Spectre/Meltdown patches in all supported releases of Ubuntu.



        Ongoing patches for vulnerabilities are handled by the Ubuntu Security Team. It's a normal part of support in a supported release of Ubuntu. You receive those patches routinely when you upgrade from Ubuntu's -security repository.



        If you have questions about specific vulnerabilities, feel free to search the database of vulnerabilities and patches.



        Determine which version of firmware your CPU is using with grep microcode /proc/cpuinfo



        Finally, be aware that version numbers can misleading when checking for vulnerabilities: A patched package may not have a higher upstream version number (since it's not a new upstream version), but is still fixed and tested and no longer vulnerable. In these cases, Debian and Ubuntu add their own supplementary version numbers so you can tell the difference.






        share|improve this answer














        Ubuntu does not use microcode (in the sense you are talking about) at all. Your CPU, however, does use microcode -- that is the code it needs to function.



        Ubuntu provides amd- and intel-microcode packages, which provide updated firmware for that hardware. These packages are fully updated with all Spectre/Meltdown patches in all supported releases of Ubuntu.



        Ongoing patches for vulnerabilities are handled by the Ubuntu Security Team. It's a normal part of support in a supported release of Ubuntu. You receive those patches routinely when you upgrade from Ubuntu's -security repository.



        If you have questions about specific vulnerabilities, feel free to search the database of vulnerabilities and patches.



        Determine which version of firmware your CPU is using with grep microcode /proc/cpuinfo



        Finally, be aware that version numbers can misleading when checking for vulnerabilities: A patched package may not have a higher upstream version number (since it's not a new upstream version), but is still fixed and tested and no longer vulnerable. In these cases, Debian and Ubuntu add their own supplementary version numbers so you can tell the difference.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 1 hour ago

























        answered 1 hour ago









        user535733

        6,20422537




        6,20422537




















            Barbara is a new contributor. Be nice, and check out our Code of Conduct.









             

            draft saved


            draft discarded


















            Barbara is a new contributor. Be nice, and check out our Code of Conduct.












            Barbara is a new contributor. Be nice, and check out our Code of Conduct.











            Barbara is a new contributor. Be nice, and check out our Code of Conduct.













             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1083993%2fubuntu-and-spectre-meltdown%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?