Security notice: Meltdown and Spectre

Security updates are now available for Meltdown and Spectre.

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

If you haven’t already done so, please read “Meltdown and Spectre“.

These vulnerabilities are critical. They expose all memory data present on the computer to any application running locally (including to scripts run by your web browser).

Note: Meltdown and Spectre also affect smart phones and tablets. Please seek information on how to protect your mobile devices.

Firefox 57.0.4

Firefox was patched. Please use the Update Manager to upgrade it to version to 57.0.4.

NVIDIA 384.111

If you are using the NVIDIA proprietary drivers, upgrade them to version 384.111.

In Linux Mint 17.x and 18.x, this update is available in the Update Manager.

In LMDE, it is available on the NVIDIA Website.

Chrome Site Isolation

If you are using Google Chrome or Chromium, please follow the steps below:

  • Type chrome://flags in the address bar and press Enter.
  • Scroll down the page and find “Strict site isolation” and press the Enable button.
  • Restart the Chrome browser.


If you are using the Opera browser, visit opera://flags/?search=enable-site-per-process, click Enable and restart Opera.

Linux Kernel

Please use the Update Manager to upgrade your Linux kernel.

The following versions were patched:

  • 3.13 series (Linux Mint 17 LTS): patched in 3.13.0-139
  • 3.16 series (LMDE): patched in 3.16.51-3+deb8u1
  • 4.4 series (Linux Mint 17 HWE and Linux Mint 18 LTS): patched in 4.4.0-108
  • 4.13 series (Linux Mint 18 HWE): patched in 4.13.0-25

Note: The current HWE series in Linux Mint 18 moved from 4.10 to 4.13.

Some users reported issues with early kernel updates (4.4.0-108 issues in particular were fixed since in 4.4.0-109). We strongly recommend you use Timeshift to create a system snapshot before applying the updates. Timeshift is installed by default in Linux Mint 18.3 and available in the repositories for all Linux Mint 17.x and 18.x releases.

Intel Microcode

Please use the Update Manager to upgrade intel-microcode to version 3.20180108.0.

Note: If intel-microcode isn’t installed on your computer, run the Driver Manager to see if it’s needed.

Other Updates

Other updates should become available in the near future, make sure to often apply all security updates.

General Advice

Locally, you should backup your personal data and set up daily system snapshots (timeshift is recommended for that).

Check for available security updates often, and apply them as they become available. In your Update Manager these are marked with a red exclamation mark.

Review any sensitive information stored online.

Stay away from 3rd party applications, proprietary in particular and do not visit websites you don’t trust on devices which haven’t been patched.

Consider securing access to your important data (your email account in particular) with 2 factor authentication.


  1. Just a thought, in the blog you mention that the NVIDIA driver should be updated, myt Driver Manager only lists 340.102-0ubuntu0.16.04.2 for my GeForce 820M. NVIDIA states that the 384 series driver is compatible.
    What to do? Will the 384 driver work with the Prime indicator as well?

  2. You wrote “Firefox was patched. Please use the Update Manager to upgrade it to version to 57.0.4.”

    Unfortunately, the Update Manager is not not showing Firefox version 57.0.4. Even after pressing the Refresh button. Still on Firefox 57.0.3.

    Any suggestions?

    Thank you

    1. I had that problem. I changed the policy updates from 1st to 2nd and Firefox 57.0.4 showed.

    2. @Linux Mint: Thank you. Unfortunately a few mirrors which we tried did not find the update. The solution which found the update was clicking on “Restore the default settings” in “Software Sources”. Is it worth adding this to your instructions above if the update is not found?

    3. I used Upgrade Manager yesterday evening (US CST), which in my case uses the default mirror and the update to 57.0.4 worked fine.

    4. I am on FIrefox 54.0 (Firefox for Linux Mint – 1.0) and can’t for the life of me get Update Manager to show any updates for Firefox, let alone 57.0.4. My update policy is the default (no 2-review sensitive updates) and as suggested in this thread, I have tried Restoring the Software Sources to the default setting (which had not been changed since the clean install of LM 18.3) but nothing shows up other then the 4.13 kernel (yes I know than 4.10 is not being patched) and mesa. Any help would be greatly appreciated (eg perhaps a mirror I can point? or maybe get it from mozilla somehow). I am relatively new to Linux with fairly basic command line skills. Thanks in advance, Chris. PS: Software Manager just shows Firefox 57.0+linuxmint1+sylvia.

    5. This is what it says:

      apt policy firefox
      Installed: 57.0+linuxmint1+sylvia
      Candidate: 57.0.4+linuxmint1+sylvia
      Version table:
      57.0.4+linuxmint1+sylvia 700
      700 sylvia/upstream amd64 Packages
      57.0.4+build1-0ubuntu0.16.04.1 500
      500 xenial-updates/main amd64 Packages
      500 xenial-security/main amd64 Packages
      *** 57.0+linuxmint1+sylvia 100
      100 /var/lib/dpkg/status
      45.0.2+build1-0ubuntu1 500
      500 xenial/main amd64 Packages

      Thanks, Chris

    6. I pasted the output of “apt policy firefox” in a previous post yesterday, as requested, but not sure if it got thru as it is still showing “awaiting moderation”.

    7. Thank you so much for following up. Here is the output you requested. Not sure why or how it happened but I see in the listing below that it is show that firefox is blacklisted, so will try an remove from the list and hopefully that will fix the problem.

      gsettings list-recursively com.linuxmint.updates
      com.linuxmint.updates show-type-column true
      com.linuxmint.updates show-size-column false
      com.linuxmint.updates level2-is-visible true
      com.linuxmint.updates show-policy-configuration false
      com.linuxmint.updates window-height 693
      com.linuxmint.updates autorefresh-days 0
      com.linuxmint.updates kernel-updates-are-visible true
      com.linuxmint.updates show-new-version-column true
      com.linuxmint.updates show-package-column true
      com.linuxmint.updates hide-window-after-update false
      com.linuxmint.updates dist-upgrade true
      com.linuxmint.updates hide-kernel-update-warning false
      com.linuxmint.updates level3-is-visible true
      com.linuxmint.updates security-updates-are-visible true
      com.linuxmint.updates autorefresh-minutes 0
      com.linuxmint.updates default-repo-is-ok false
      com.linuxmint.updates level1-is-safe true
      com.linuxmint.updates security-updates-are-safe true
      com.linuxmint.updates show-origin-column false
      com.linuxmint.updates refresh-minutes 10
      com.linuxmint.updates level2-is-safe true
      com.linuxmint.updates level3-is-safe false
      com.linuxmint.updates blacklisted-packages [‘firefox’]
      com.linuxmint.updates level4-is-visible true
      com.linuxmint.updates level5-is-safe false
      com.linuxmint.updates autorefresh-hours 2
      com.linuxmint.updates refresh-days 0
      com.linuxmint.updates level4-is-safe false
      com.linuxmint.updates window-width 790
      com.linuxmint.updates window-pane-position 280
      com.linuxmint.updates show-old-version-column false
      com.linuxmint.updates kernel-updates-are-safe false
      com.linuxmint.updates hide-systray false
      com.linuxmint.updates level1-is-visible true
      com.linuxmint.updates show-level-column true
      com.linuxmint.updates level5-is-visible false
      com.linuxmint.updates show-descriptions true
      com.linuxmint.updates refresh-hours 0

      Thanks again.

    8. OK subsequent to my last post, I managed to find where the blacklist is kept (for those that don’t know – Update Manager Preferences ) and remove firefox from it and that has resolved the issue of it not showing up.
      Sorry for taking up your valuable time but thank so much for your help. Cheers Chris.

  3. As a casual but long-time Linux Mint user, I have always been wary of taking kernel updates (although I suppose I need to reevaluate that position). For this case, is the one I should choose whatever comes up for me under category 4 in the Update Manager or do I need to learn how to select the proper one from the longer list?

    1. The kernel hasn’t been updated yet. Keep an eye on the link above for when an update is available. It will tell you the version(s) that have the patches.

    2. You should stick to the kernel updates available in the main screen of the Update Manager. If you do, these will always show the latest kernel available for the series you’re on, and that series either is LTS (kernel 4.4 in Mint 18.x) or HWE (currently 4.10), both of which receive security updates.

      The “long list of kernels” in the view->kernels windows is to troubleshoot, look for more information, bug reports, or switch series in case some of your hardware is too new and requires a more recent kernel than LTS or HWE. When you move away from LTS/HWE you take the risk not to get security updates, and you take the risk that some of the modules you’re using (for broadcom, nvidia etc..) might not work with that particular kernel series.

      Switching kernels is easy, it’s better documented than before and if you read the help section of the Update Manager you have all the information you need to get back on your feet and go back to your previous kernel, in case of an issue. Not only that, but we can also now rely on timeshift, so anything you do to your system, any regression or misstep can be solved by going back in time to your previous system snapshot.

      It’s worth taking time and experimenting with timeshift and recovery tools. That category 4 is there to tell you this can impact your system, and the security flag beside it tells you you need to apply it. The best thing to do is to read the doc, create a snapshot in timeshift and apply the security updates.

    1. No, it depends on your hardware. The driver manager can recommend 384, but also 340.. it really depends on your GPU.

      Note also that the Driver Manager doesn’t show updates per se. It’s a driver selector/installer. Use the Update Manager to make sure your driver is actually up to date.

    2. Not at all. Linux Mint 18.1 is supported until 2021. You can upgrade to 18.3, but you don’t have to, and you certainly don’t need to reinstall.

    3. There is a simple rule to remember using Linux( I still have my RedHat)…If it’s working?
      Why fix it or upgrade unless you are also upgrading hardware as well.
      If you set it up properly, it will run like a Swiss clock\watch or remember the Timex commercials…Takes a Licking and Keeps ON ticking!
      <3 LINUX

    1. I’ve read that the speculative code execution feature has been present in most Intel processors since 1995. SO chances are your processor is affected unless you got your computer from a museum exhibit.

    2. hi Hamza

      referring to Chipsets, nearly all Manufacturers are affected according to heise and other sources! This thins is big and is is a big threat!! Please update and patch your system and you also should instal Microcode-Updates as soon as they become available! I will do this too! I am already on waiting on hot coal.

    3. Most (if not all) CPUs of the last 10 years are affected. There are very few very special CPUs like those of the Raspberry Pie that are not vulnerable.

      Rule of thumb: If you bought your computer / cellphone / router / graphics card more than 10 years ago, chances are that they are not vulnerable in that specific scenarios. But you should be aware that these very old designs have other security issues that can’t be fixed 🙂

  4. @chemicalfan – I’m running 18.3.

    I installed 384.111 and everything seems to be running fine so far. The only thing that’s odd is that now the Driver Manager shows I’m using noveau.

  5. what about other software security?
    Version 52.5.2, first offered to Release channel users on December 22, 2017
    inclunding two critical bugs:

    on Linux Mint 18.3 it’s still 52.5.0 in the repositories
    I don’t know why but especially updates for thunderbird take ages in Linux Mint (via Ubuntu viaDebian)

    on Spectre/Meltdown it’s worth reading some linux kernel maintainers view on things:
    “This means that the latest 4.14 release (4.14.12 at this moment in time), is what you should be running. (…) If you rely on any other kernel tree other than 4.4, 4.9, or 4.14 right now, and you do not have a distribution supporting you, you are out of luck. (…) Also, go yell at the people who forced you to run an obsoleted and insecure kernel version, they are the ones that need to learn that doing so is a totally reckless act.”

    1. Both Canonical and Debian are committed to providing security updates for the kernel series they maintain. We stick to the same series for this reason. Be aware also that the versions used by Canonical for kernel updates doesn’t necessarily match upstream kernel versions, some changes are backported and versions stay at at .0.

    2. @Linux Mint
      is it correct to say that you copy the Ubuntu kernels to us when Ubuntu updates them? Or are the newer kernels created by Mint?
      Just curious.
      Thanks, Peter
      (I assume Ubuntu gets the latest patched kernels from Debian, and then modifies them. perhaps I am totally wrong on that part)

    1. Hi Vitor,

      We’ve heard reports of issues with it. It seems to affect some people. This is being rushed upstream because of the severity of the vulnerabilities. 4.4.0-109 was released since, hopefully it should help.

    2. hi Vitor I

      Question: what graphics-card do you have?? If you have nvidia, then you first need to boot into “nomodset” and install the graphics-driver first and then reboot. This solves it.


  6. Running Cromium Version 63.0.3239.84 (Official Build) Built on Ubuntu , running on LinuxMint 18.3 (64-bit).
    Attempting to apply:-
    Type chrome://flags in the address bar and press Enter.
    Scroll down the page and find “Strict site isolation” and press the Enable button.
    Just does not work I tried “in Parenthesis” and without just in case –
    No options appear to change???
    Thank you for your “heads up” on all of these exploits

    1. Works fine for me on both Xfce 18.3 64bit and Maté 17.3 32bit. Enter the command without parenthesis. Press the button and a checkmark will appear.

    2. I had the exact same problem. Nothing came up in the search when I typed in “strict”. But “strict site isolation” came up when I typed in “site”. ???

  7. Hi LM Team,

    I am using LM 18.3 (Sylvia) with Kernel 4.8.0-53 it is safe with that kernel version or I should update kernel into 4.10? And which specific version of 4.10, because there are version 4.10.0-14 to 4.10.0-42.

    Thanks for your help.

    1. @ Sasya

      You should be on either kernel 3.13.139(= for older hardware), 4.4.108 or 4.13.25(= for newer hardware like Kabylake processors), in order to receive the KPTI/Meltdown patch.

      If on 4.13.25, you should later upgrade to kernel 4.15 LTS(= in May or June 2018 = LM 19.0) because 4.13 is not LTS. If kernel 4.15 proves unstable, revert to 4.13 or 4.4 LTS.

      Please refer to …

    2. Kernel 4.8.x is no longer supported. The patched kernels are branches 4.4 and 4.13, versions 108 and 25. The kernel 4.10.0-42 is prior to these vulnerabilities were known, so upgrading to that does not help.
      You can perfectly use the kernel 4.4.0-108 with LM 18.3 Sylvia if the kernel 4.13.0-25 is not going well for you.
      I’m going to install both and try. The 4.4.0-108 is working perfectly.

  8. I team :
    I did build AMDGPU-pro around 18.3 and kernel 4.10 and installed HWE also to have all the thing working .
    So no updates for 4.10 . The problem is cannot seem to be able to install the AMDGPU-pro around other kernels – I am guessing but It should be all in the HWE. Any direction will be appreciated.

    Thanks SB

    1. Hi,

      The jump to 4.13 on the HWE series is brand new and it was done in a rush to tackle this vulnerability. It’s possible some modules aren’t yet compatible with it. Keep an eye on 4.13 updates, Canonical is probably aware of it already.

    2. After receiving the updates to the 4.13.0-26 , and also the new HWE modules and
      reinstalling from scratch the *latest* AMDGPU-pro 17.50 driver everything went back to OK .
      Great . Thanks

  9. Question 1: Are GPUs also vulnerable to this exploit.
    Question 2: Are the Mint patches being tested first to ensure they don’t adversely slow down processors.

    Although I had an amazingly fast Intel CORE i7 processor in my laptop BEFORE the patch, my Windows 10 has since slowed down so much that it is next to unusable… on account of that very Microsoft security patch. I’d hate to think what would happen if I ditched Windows and permanently switched to ANY Linux distro let alone Mint.

    There has to be a better way to fix this problem.

    1. Hi Roy,

      Nobody in the industry is worried about the slow down just yet. It could become an issue and it could be tackled by a 2nd series of updates/fixes eventually, but right now these considerations are not as important as the vulnerabilities themselves.

    2. hi Roy

      in my LinuxMint 18.3, I cannot confirm this slow-down. But I can confirm this of you:

      “Although I had an amazingly fast Intel CORE i7 processor in my laptop BEFORE the patch, my Windows 10 has since slowed down so much that it is next to unusable… on account of that very Microsoft security patch”

      on my mothers machine with Windows10-1709! There we also see a perfomance-loss of nearly 30%! This is really also not nice.

      But: LinuxMint currently does not make such problems. Here I cannot confirm slow-downs in LinuxMint. And this:

      “I’d hate to think what would happen if I ditched Windows and permanently switched to ANY Linux distro let alone Mint.”

      would be a good idea, but you should decide for LinuxMint! Mint is not slow, not at all!

      Then to your question:

      “Question 1: Are GPUs also vulnerable to this exploit.”

      answer: YES! nearly all GPUs are affected (heise and other sources)

      “Question 2: Are the Mint patches being tested first to ensure they don’t adversely slow down processors.”

      dont’s know. But currently here I do not see any slow-down in my Toshiba-Laptop Satellite-C850-1LQ (Intel i3). So this slow-down seems something to be inside Windows. The best way to see this is within Windows-Update. This runs so slow, that it takes hours to download the updates. In LinuxMint – in opposite to this – this does not happen. That’s why I love my LinuMint and why I would really like to do tabula-Rasa on my mothers PC, wipe out Windows and install Mint! 😀


  10. Hi LM-Team,

    currently I’m a happy user of Linux Mint 18.3 with Kernel 4.10.0. As per Ubuntu they will not provide an update for this Kernel version but recommend to update to Kernel 4.13. Will Linux Mint 18.3 get an updatet 4.10. Kernel or will there be an update to 4.13?

  11. I’m not sure if I understand the situation correctly. Will there be a kernel update for LM 18.2? My 18.2 installation runs on kernel 4.10 , but I’ve also read that 4.10 will not be patched because Ubuntu 17.04 already went end-of-life. Will there be an update visible in the Update Manager or do I need to take action?

    1. Hi Sebastian,

      This information wasn’t available yesterday. The post above was updated since and your Update Manager should now suggest an update towards 4.13.

  12. With the greatest of respect to everybody involved, but perhaps it is time for the Mint team to re-evaluate how they approach the kernel updates in Mint itself? Reading through varies articles related to this issue, the advice is pretty straightforward. Update your kernel. Update, update, update. The Linux kernel developers themselves have also written in detail about why we should update and always apply the latest kernel updates. This round of updates is only the start. There are more updates to come as more patches are applied. Reading through the comments here, there seems to be confusion amongst the Mint users? Some never apply kernel updates, others are confused about the number of kernels available to them, others cannot seem to grasp which kernel update they should apply? Perhaps the choice of available kernels does not help? Having to choose between 4-5 different ones can be confusing. Why not just do it like everyone else? You have one kernel and that one receives updates. Simple and straightforward without any confusion caused. If advanced users want to use a different kernel branch, the onus is on them. This is a very serious security issue and the correct kernel updates need to be applied. Just by reading these comments, one can tell that there are some Mint users who won’t be using the correct kernels and won’t be running the latest security patches. This is one instance where security MUST take preference over “stability.” Please understand that I am not being critical of anybody. I am more hoping that my comments will lead to a positive and adult discussion of how to cause less confusion for the Mint users. Thank you!

    1. Hi Jacques,

      There are two kernel series in each release receiving security updates: LTS and HWE. The Update Manager is designed to follow these. Although there is a window to pick and view all kernels available, the main window of the Update Manager does that job for you and only suggests the latest one in your series.

      Now with that said, the comments made yesterday (including yours) were made at a time when kernel updates weren’t yet available and this blog didn’t mention which updates these would be (in particular it wasn’t clear whether HWE would move towards 4.13, and when/how).

    2. exactly, this kernel that kernel, this update that update, hwe, lts, I know lts, but apparently I have 4:13 hwe? now on 18.3 There needs to be an over haul, only need one kernel as far as I am concerned

    3. I’m sure there are plenty like me who have such out dated computers that upgrading has become problematic. My laptop ran Windows 7 before I loaded Linux Mint on it a few years ago. i looked forward to the updates until my laptop couldn’t handle the latest and greatest version of Mint anymore. It’s too slow or Mint has become too big for me. Unfortunately you can’t just replace Windows 10 with Linux any more. This laptop has reached the end of it’s useful life and I will have to order my next laptop on-line. That’s why people like me hesitate to update. We are delaying the inevitable. I do have an Android tablet ready but much prefer to use a laptop.

    4. For Jaques and Clemens ( Linux Mint ) Jaques I am on your side!!! Clemens please understand that your technical and programming view to all of this stay in the way to normal users. 90 % of the Linux Mint users will not follow this blog and probably 50 % procent will do any updates. Please be there for the users who are not here on this blog. That is where your thought has to be. They are the mean users. So Jaques idea is the best solution in any case and situation.

      To speak about my own situation:
      I am a long time Mint user. I never had felt in such a confusion with Linux Mint as what happens right now. It ONE BIG confusion to me. And I can tell you that I will be not the only one. What kernel? What header? LTS o.k but what is HWE? Clemens you speak in words as if any one who visit this blog will know all of this. Please be aware of user and that the majority of users who do not know all of this!

      Please try to find a way of communication, witch will explain it for not technical users. Or follow the great and secure solution of Jaques.

      I did what you told Jacues, I followed the Update manager in my case there was a update to 4.13.0-26. After reboot, there was a black screen. I had to go back to 4.10.0-38

      I am not native English speaking so I had to translate word by word – but I am angry and confused – and I think I have to get up and speak. And stand up for the users/people who are not visiting this blog or are not that technical at all to understand this!

    5. Wait… this announcement is here to explain things in detail. Your update manager presents things in a very simple way, it shows you one kernel update and one set of security updates and you should install that.

    6. Mint is just using Ubuntu kernel series and support dates. It looks a mess, but it’s actually reasonably simple once you know how it works.

      Ubuntu: each new LTS, version x.04, has a new GA (General Availability) kernel series, which will be supported for the life of that LTS release. The first point release, x.04.1, has the same kernel series and support end date.
      Non-LTS versions have kernel series with shorter support times, and the (also short-lived) LTS point releases from x.04.2 to x.04.4 use these HWE (Hardware Enablement) kernel series. The final LTS point release, x.04.5, has the same support end date as x.04 and x.04.1, but appears *after* the *next* LTS, and uses *that* GA kernel series as its HWE.

      Mint: Major non-point releases obviously use the GA kernel series. So do x.1 releases. Kernel updates will be offered in that series.
      Point releases x.2 and x.3 use HWE kernels in a new installation, but keep using a GA kernel series if installed as an upgrade. The definition of HWE keeps tracking Ubuntu, so somebody who initially installed 18.2 (or upgraded from 18 or 18.1 and also chose to upgrade the kernel series) would have started at that time with a 4.8 kernel, and since been offered 4.10 and now 4.13, and in a few months will be offered 4.15.

      Once Mint 19 is released (with a 4.15 kernel), 18 will retain support for 4.4 and 4.15 until it reaches end of life.

    7. “””Linux Mint >>> Wait… this announcement is here to explain things in detail. Your update manager presents things in a very simple way, it shows you one kernel update and one set of security updates and you should install that.”””

      Wait a moment >>> That’s exactly what I have done – the update manager showed as I wrote before – a new kernel update as 4.13.0-26 and that what I installed. But after reboot there was a black screen. I had to go back to 4.10.0-38.

      Please Clemens this is not a attack from my side to you, I try to explain how this all will work out for the most part of the users. This showcase shows probably directly where the real weak part is for Linux ( Mint ). Namely how can users be as quick as possible protected towards such thinks as Meltdown and Spectre or anything else in this kind of order.

      If we will and like that more and more people use Linux Mint normal daily users without any knowledge of computers we have to make it perfectly and save working for them. So that they see and feel that the developers take them serious and be there for there security. I don’t will recommend Linux Mint to any one who has not enough interest or knowledge of computers. Because that will bring me in trouble and have to help them out of that.

      So please be so kind and stay on that side – normal daily users – who are also not familiar how to configure there update manager.

      And now the question what do I have do do, with the kernel 4.10.0-38. update to 4.13.0-26 gives a black screen?

    8. @Crojav

      Do you perhaps have Nvidia graphics card? Ubuntu HWE plays havoc with Nvidia. It has never worked for me. AskUbuntu is full of issues regarding this. It’s best to stick with the LTS kernel, in this case 4.4xxx. You should NOT use 4.10, it is a security risk and no longer receiving updates. I am running Mint 18.1 and chose not to upgrade to Mint 18.2 or 18.3. That’s when the confusion starts creeping in and all the other kernels start appearing on the list.

      Ubuntu HWE and Mint “HWE” is not the same thing. Ubuntu does not offer the HWE stack to you, like Mint does. In Ubuntu you have to type in a command in the terminal to install HWE Stack. In Ubuntu HWE is more than just upgrading the kernel. Mint does it differently by only upgrading the kernel.

      If you have Nvidia cards for instance, you have to uninstall it before upgrading the kernel. Then install again, that includes nvidia-prime, because nvidia-prime builds against a specific kernel. You cannot mix and match. Sadly it does not work like that.

      If I was you, I would install Mint 18.1 and use kernel 4.4xxx that it ships with. That is the Ubuntu LTS kernel. It is your decision of course entirely.

      I hope you get your problems sorted. Good luck! 🙂

  13. It is amazing that this could have been used to access computer data since 1995. Although it has probably always been put there on purpose to allow access. Not that any company would purposely do this to allow access or a back door to data. That certain agencies are given access for a price. How silly that would be. LOL

    Thank You All for the info. I am updating now. Will keep an eye out for a patched Kernel.

  14. hello linux min a query with this flaw that is suffering spectrum must consider installing an antivirus or not necessary after installing the updates

    1. hi freddy

      yes, Clem is absolutely right in this point. Normally an antivirus-System helps to protect. But not so in this case, because this time these vulnerabilities directly affect the design of the CPU-Chips and GPU-Chips. This cannot be fixed with AntiVirus-Systems.
      The problem is within the firmware of these chips (this Microcode).

      And this can only be addressed with Microcode-Updates.

  15. In the URL address bar, enter the following:

    It’s wrong! Chrome will tell that there is no “strict site isolation”!

    1. It’s right! Just scroll down for a while or press Ctrl+F (find) and look for “Strict”. Works fine on both Mint machines I run.

    2. chrome://flags/#enable-site-per-process (THIS WORKS)
      Thank you, I hope others who tried LM’s method at the top of this thread will find your post

    1. dmesg | grep “Kernel/User page tables isolation: enabled” \
      && echo “patched :)” || echo “unpatched :(“

    2. Seems that when i pasted here something changed just use Ubuntu link and copy and paste code from there.

    3. Previously I have installed kernel version 4.4.0-112-generic. I have rebooted the computer.

      I have entered the command noted above in terminal.

      dmesg | grep “Kernel/User page tables isolation: enabled” \
      && echo “patched :)” || echo “unpatched :(“

      output = unpatched 🙁

      is this due to an underlying issue with my CPU?

      Thank You.

  16. Thanks for this security notice. I am running LM18.3 on kernel series 4.10. I am awaiting kernel update for this series. But somehow in the Update Manager the update for series 4.13 just appeared which according to the change log addresses CVE-2017-5754. I do not have any 4.13 kernel installed. So is there a reason why it is appearing in Update Manager? Should I update it? Or should I ignore it and wait for the update for 4.10 series? Thanks.

    1. Maybe that will change but I recommend that you do what LinuxMint suggests above and use Timeshift e.t.c and upgrade to 4.13 Kernel as suggested in the Update Manager. I may be wrong so probably better to wait for LinuxMint to answer you.

    2. I am sorry, I did not notice that you have updated the blog posting with more information on the kernels including the move from 4.10 to 4.13. Ok, will update it then. Thanks.

    1. The problem is in the 340 nvidia drivers non working with the new kernel, I switched back to the 4.10

    2. Hi,

      Is it DKMS failing between 340 and 4.13? Can you check with dkms status?

      Also, from a security point of view, 4.10 isn’t an option. If you can’t use 4.13 just yet, you should go back to 4.4, not 4.10.

    3. I have the same issue. dkms status shows:
      bbswitch, 0.7, 3.13.0-37-generic, x86_64: installed
      bbswitch, 0.7, 3.16.0-38-generic, x86_64: installed
      bbswitch, 0.7, 3.19.0-32-generic, x86_64: installed
      nvidia-340, 340.102, 3.16.0-38-generic, x86_64: installed
      nvidia-340, 340.102, 3.19.0-32-generic, x86_64: installed
      virtualbox-guest, 5.0.4, 3.16.0-38-generic, x86_64: installed
      virtualbox-guest, 5.0.4, 3.19.0-32-generic, x86_64: installed (original_module exists)

    4. Yes, I’m sure I installed the update. I figured out how to manually get things working, which I posted in a separate thread below. The things I tripped over are that the new nvidia driver does not show up in Update Manager for my GeForce GTX 660 Ti, and that the kernel headers were not installed by Update Manager during the update.

    5. Hi,

      Thanks for bringing this up. This was a mistake on our side. It’s fixed in 4.4.0-lts1 and 3.13-lts1. The missing headers are now pulled as dependencies.

  17. Tried kernel 4.13.0-25 and 26, my notebook does not boot to login UI anymore (2015 DELL E6440), have to go back using 4.10, hope a more stable version comes soon.

    1. What was the issue exactly? Could you show us the output of “dkms status” with 4.13?

      Also please note that 4.10 is vulnerable to Meltdown/Spectre. Only 4.13 and 4.4 are patched against it.

    2. Had the similar issues. I am using LM 18.3 with kernel 4.8 and upgraded it into 4.13, after reboot, it stuck on Mint’s Logo. Didn’t know how to fix it, and I reinstalled it with fresh installation, and finally worked.

      FYI, my laptop Dell Inspiron 3458 with Intel Core i3-5005 (Broadwell).

  18. Is here anyone who installed 4.4.0-109 successfully on 17.3 already?
    And how do I find out which linux-kernel version is there in repo if it reports “4.4.0”?
    $> apt-cache policy linux-kernel-generic
    Installed: 3.19.0-32
    Candidate: 4.4.0
    Version table:
    4.4.0 0
    500 rosa/main amd64 Packages
    *** 3.19.0-32 0
    100 /var/lib/dpkg/status

    1. Hi Yz,

      You can get more information about it with “apt show linux-kernel-generic”, you’ll see it now links to “linux-image-generic-lts-xenial” which currently points to 4.4.0-109.

    1. I am running LM 17.3 but still with a very old kernel (3.16.0-38). Kernel updates are not available since months to my system. What should I do?

      apt show linux-kernel-generic
      Package: linux-kernel-generic
      State: installed
      Automatically installed: no
      Version: 3.16.0-38
      Priority: optional

  19. Problems in the new kernel 4.13:

    The touchpad loses the “touch to click” feature, the keyboard loses the repetition of keys (when pressing a key is not repeated), and instability in general.

    Lenovo Ideapad 700

    1. Had the same issues. On my Dell Inspiron 3458, scrolling feature on touchpad did not work. And also, it looses touchpad sensitivity.

  20. I run Linux Mint 17.3 Xfce with kernel 3.19.0-32. Kernel 3.13.0-139 appears in the update manager. Should I install it?

  21. Thank you. I use Linux Mint 18.1 and everything went ok with kernel 4.4.109 ! No problems at all. Should I remove kernel 4.4.0-21 now ? I can see that this ‘old’ kernel is still installed …… But that does not harm anything ? I mean; kernel 4.4.0-21(installed but not active ) can cope with the new active kernel 4.4.109 ? Groet van Dejan !

  22. After updating my linux mint 17.3 cinnamon install (running as vm in vmware workstation 11) to kernel 4.4.109 I found that the mouse buttons (on logitech mouse – I tried two models and both had problems) would not work although the mouse pointer was still present and the desktop looked as normal. I have reverted to an earlier kernel version. Now I am wondering if I need to do some updates to the drivers as well as the kernel – but it is not clear which thing to update.

    As side note it took me a little while to get grub to show up – finally found that right shift button would get grub menu to appear.

    1. I encounter the same issue on one of my two virtual 17.3 mint (vm under esxi), both updated at the same time.

      One is having the issue, the other not, quite strange.
      Xev is clearly not showing any click (left/right)
      evtest detect the click
      the mouse pointer was moving, only click wasn’t effective.
      the “Windows” key allow to open the desktop menu and launch application/restart.
      So i deleted the 4.4.0-109 kernel. I hope it will be more stable in later release for 17.3.

  23. Kernel 4.13 boots me to a black screen, 4.10 works normally.

    $ dkms status
    ndiswrapper, 1.60, 4.10.0-42-generic, x86_64: installed

    $ lspci | grep VGA
    00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)

    1. same for me ThinkPad T430, black screen
      $ lspci | grep VGA
      00:02.0 VGA compatible controller: Intel Corporation 3rd Gen Core processor Graphics Controller (rev 09)

      for me this worked:
      In the file /etc/default/grub comment out the line

      changing it to:


      then issue:

      sudo update-grub

      then reboot

  24. I’ve been running Mint 17.3 (upgraded from earlier 17.n) with Cinnamon 2.8.8 and kernel (if it ain’t broke don’t fix it). Following (I think) your advice I applied an update to kernel (plus 2 other kernel-related updates as offered: linux-libc-dev 3.13.0-139.188 from 3.13.0-100.147, linux-firmware 1.127.24 from 1.127.22) in Update Manager. Rebooted but Cinnamon immediately fell into fall-back mode and will not restart into full Cinnamon mode. Reboots OK with previous kernel via Grub, so not urgent (and I can always upgrade to 18.3 if I have to).

    1. Hi Jim,

      It’s probably an issue with the NVIDIA drivers not compiling properly against kernel 4.13. “dkms status” should tell you which drivers are compiled against which kernels. “inxi -Gx” will also tell you which GPU drivers are being used and whether or not you’ve got acceleration (which is required by Cinnamon).

    2. 4.4.0.LTS1 update to fixed it – excellent! – now for the nvidia driver . . .

    1. Hi,

      An update for microcode is planned, Ubuntu is working on it. Regarding 4.13, the vulnerability is fixed from -25 onward, so -26 is fine. Generally speaking you should be on a supported series (HWE or LTS. 4.13 is the current HWE so that’s fine) and apply any security update that comes toward you. We made an announcement for -25 because this vulnerability is very concerning, but you should apply security updates anyway, whether the vulnerabilities are important or not.

  25. Hi,
    in my dmks -status output I have “nvidia-340, 340.104: added”, it should be “installed”. The driver manager lets me add the nvidia driver without any error, but when I reboot the nvidia drivers are not loaded and cinnamon crashes

  26. Cinnamon was crashing for me after updating Mint 17.3 to 4.4.0-109 kernel. This was due to nvidia driver v340 needing to be updated to 384, but not appearing in Update Manager. I downloaded v384.111 from nvidia website and tried to installed but the 4.4.0-109 kernel headers were missing. I installed those via “apt-get install linux-headers-$(uname -r) ” and was able to install the newer nvidia driver. All is well now – Cinnamon no longer crashes on boot.

    One trick: you need to close the window manager to install nvidia drivers. When I “sudo service mdm stop” I end up at black flashing cursor. So, I had to ssh via another machine to do the nvidia install while on the blank screen. Hope this helps someone.

  27. New kernel upgrade makes dkms fail on build NDIS support and makes COMPLETE SYSTEM LOCKUP when starting and virtualbox (5.0.40-dfsg-0ubuntu1.16.04.2) guest sessions.

    Needed to revert to older kernel branch to restore.

    1. Hi Max,

      Virtualbox looks fine here: virtualbox, 5.0.40, 4.13.0-26-generic, x86_64: installed
      An update for ndiswrapper (1.60-3~ubuntu16.04.2) is on its way.

    2. re-confirming: starting any (even a new one) VirtualBox guest on my mint 18.3 host while running 4.13.0-26-generic kernel causes system lockup. If started headless from CLI it generates kernel crash trace and system halts(freezes).

      Processor: Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz (family: 0x6, model: 0x8e, stepping: 0x9)

    3. Hi Max,

      Personally recommend apt remove –purge 5.0.40…, then download 5.1.30 (or 5.2.4) .deb direct from (one of the rare exceptions when installing software this way is recommended, but is superior to the Ubuntu modified version).
      You probably already know this, but for the sake of others reading this reply. If using Mint 18x you’ll need the 16.04 Xenial version.

      Been using 5.1.40 with a previous 4.13 kernel for sometime without issue.

      – VirtualBox 5.1.40 link

    4. Hmm appears blog reply combined the double dashes appearing before ‘purge’, added an extra space below for the sake of readability.
      apt remove – -purge virtualbox.5.0.40

      @Clem, at some future time, will there be a blog reply preview feature added? Many thanks.

    5. I faced the exact same problem after updating to the 4.13 kernel: dkms error while installing and complete system lockup (cannot even drop to tty) on running virtualbox guest. The virtualbox problem I managed to overcome by downloading and installing 5.1.30 as per Dave B’s suggestion (thanks Dave). But the command to “apt remove –purge virtualbox.5.0.40” does not work. What I did is uninstall all the virtualbox packages via Synaptic. Now I guess all that is left is to wait for the ndiswrapper update.

    6. It’s a known bug, Virtualbox 5.0.40 (on host) can make the system with kernel 4.13 freeze when you run any VM with any guest OS.

      Install 5.1.30 from the official repos. 5.0.40 is 8 months old, 5.0 branch isn’t supported by Oracle since then, and it’s not known if it’ll be possible to fix 5.0.40 in Ubuntu repos. Get 5.1.30.

    7. As for ndiswrapper, do you guys really need it?

      “Description: Source for the ndiswrapper Linux kernel module (DKMS)

      Some vendors do not release specifications of the hardware or provide a Linux driver for their wireless network cards. This project implements Windows kernel API and NDIS (Network Driver Interface Specification) API within Linux kernel. A Windows driver for wireless network card is then linked to this implementation so that the driver runs natively, as though it is in Windows, without binary emulation.”

    8. Hi Talji,

      Apologies, lack of sleep, correct command is ‘apt remove –purge virtualbox’ (two dashes before ‘purge’)

      Pleased was able to help 🙂

    9. Today I used the .deb from virtualbox website and switched back to the new kernel. everything working again.

      In my case I had to remove the virtualbox-dkms package and had to ” sudo /sbin/vboxconfig ” afterwards to get it running again.

      Thanks for advice and (for LM team) thanks for the excellent distro and all the hard work!

    10. Hi Monsta, I did read the ndiswrapper description even before you mentioned it. And I was also wondering why I would need it. But I checked in Synaptics and I saw that ndiswrapper and ndiswrapper-dkms are already installed. So I supposed ndiswrapper is needed for some reason. According to Wikipedia: “Native drivers for some network adapters are not available on Linux as some manufacturers maintain proprietary interfaces and do not write cross-platform drivers. NDISwrapper allows the use of Windows drivers, which are available for virtually all modern PC network adapters.”

      So far, however, even though there was an error pertaining to ndiswrapper during installation of kernel 4.13, I am still able to access netowork via wifi without any problem. The error messages are:

      ERROR (dkms apport): kernel package linux-headers-4.13.0-26-generic is not supported
      Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
      Consult /var/lib/dkms/ndiswrapper/1.60/build/make.log for more information.

    11. See, your network is fine without ndiswrapper module loaded (it’s not loaded as it failed to build). Looks safe to uninstall it.

    12. For the sake of future reference, missed the asterisk in previous post. 🙂

      Correct command is…
      apt remove –purge virtualbox*
      (two dashes before ‘purge’)

    13. oh I am at the same issue.I’m not the only one!
      I will try this solution and report the conclusion.

  28. HI Linux Mint.
    After I have follow the update instruction. My pc was broken. I have a big resolution of 640 x480 of monitor. And my machine after few minutes made a boot ! The monitor will become dark. It’ s a tottaly disaster .
    Last news: I made a downgrade with Linux Mint . I Choose the kernel version 3.13 24. Don’t made a system update never ! If everthing goes fine . Imho there is no Spectre and Meltdown bug . It’s a fanstastic story useful to buy a new device

    1. Hi Maurizio,

      Please take these vulnerabilities seriously. They’re extremely worrying.

      We’ve been working really hard here and I know upstream devs in Debian and Canonical (and probably many people in the IT industry) have been working overtime to get this shipped to you ASAP. Things have been rushed, corners have been cut, mistakes are being made and some components are getting out earlier than they normally would. There are indeed a few bumps on the road. Don’t take this lightly though, this has to be patched.

      We just released a second update to fix DKMS in Mint 17.x with 4.4.0-lts1 and 3.13.0-lts1. Canonical is releasing a fix for ndiswrapper. We’ve still a few issues with Virtualbox and NVIDIA 340. Everybody is working really hard to get everything solved.

    2. I do apologize for my previous reply. But I was in total panic. Anyway I made the upgrade. I have a problem with gpu. I have a Geforce 9600s .There is a resolution of 640 x 480 and after few minutes the screen became dark and machine goes in stand -by mode. My driver version is 340.102..

    3. Hi Maurizio,

      Maybe switch to the open source nouveau driver for now, then try the NVIDIA proprietary driver again in a few days?

    4. @DaveB.
      The new situation is : Kernel version is 3.13.39 I lost Nvidia Proprietary driver configuration. I tried to install old 340.102 driver. It’s a total caos. Probably I make a new installation of Mint 17 Without Intel Patch possibly….

  29. I know Meltdown is solved for now but as I saw there are no patches against Spectre yet on this kernel or 4.13.0-26 for that matter.

    1. hi Fernando

      Just install the new kernel 4.4.0-108 as Clem already said and remove this old kernel! I did it and everything went fine so far.

  30. Dell Latitude E5530 refuses to fully boot after Kernel update, or it does and I can’t see it because the display remains blank/black. Having to do fresh install on that laptop to get back functionality, PITA. Lenovo T510 Thinkpad worked just fine after same update, no problems.

    1. Hi,

      You do NOT need to do a fresh install. From the boot menu, choose Advanced Options and from there you can boot from your previous kernel. If you made a system snapshot with timeshift you also have the possibility to restore it by running timeshift from the live DVD/USB-stick.

    2. I was running 18.3 and installed using all defaults. By default I do not see the ‘boot menu’ at start-up. Who knew? I do now so will edit & update the grub file going forward. Holding shift at boot did not bring up boot menu either. re: Timeshift appears to require more space than the original entire drive it is imaging and so just another time sink to figure out. I just ‘back-up’ the usual suspects and reinstall. As it stands this latest Kernel tweak makes my Dell Laptop not a good choice for Linux Mint.As much as hate to, I’ll head back to Windoz on the Dell as MS upgrades on my Windoz desktop did not brick the Windoz 7 in the process. The Thinkpad with Linux Mint handled the new kernel no problem, I just prefer the Dell hardware. Oh well. It’s this type of hassle that keeps Linux adoption down.

    3. @W7DAH “Holding shift at boot did not bring up boot menu either.” Doesn’t work on my Dell inspiron 1501 either. I use F2 as stated in the lower left corner of the boot screen.

    4. I got the Dell back online after some less than linear contortions. In no particular order, got rid of VirtualBox, did the MicroCode update, and today the 4.13.0-31 and now ‘stuff’s’ workin’ again.

  31. hi Clem,

    Just doein Kernel-Update via Synaptic. I hope, everything will go well. But one question referring to browsers:

    how are thing with Vivaldi-Browser?? How do I do these steps in Vivaldi-Browser??

    “Chrome Site Isolation

    If you are using Google Chrome or Chromium, please follow the steps below:

    “Type chrome://flags in the address bar and press Enter.”
    “Scroll down the page and find “Strict site isolation” and press the Enable button.”
    “Restart the Chrome browser.”


    “If you are using the Opera browser, visit opera://flags/?search=enable-site-per-process, click Enable and restart Opera.”

    And a further question: what about Intel-Microcode-Updates??
    Because I have Intel-Chipsets and I read already, that also Intel is affected and has pushed out updates??


  32. hi Clem,

    back after kernel-update. I am now on Kernel 4.4.0-108.

    Everything fine so far. No loss in performance as so far. Old kernel 4.13 is removed via Synaptic.
    Now lets go on with Brower-Security. How are the steps for Vivaldi-Browser??
    And afterwards I would love, if microcode-Update for Intel would be pushed out as Intel already released updates according to this forum here.


    1. Hi Andrea, Just type “flags” (not “about://flags”) in the address bar and follow the chrome instructions (Vivaldi is a chrome derivative).

    2. Hi,
      Sorry forgot to mention on some computers you have to enter “vivaldi://flags” in the address bar if “flags” doesn’t work.

  33. I already checked my drivers-updater for new version of intel-microcode. But there was none until up to now.
    This should be worked on and realeased when ready.


  34. Referring to this here:

    “Firefox 57.0.4

    “Firefox was patched. Please use the Update Manager to upgrade it to version to 57.0.4.



    There is an easier way. Just install the official repositories of mozilla-security and mozilla-team via Launchpad!

    Then go to your terminal and run:

    sudo apt-get update
    followed by
    sudo apt-get dist-upgrade


  35. For the new version of Firefox, just add these repositories to the software-sources:



    Then do the steps in the Terminal as I already said.


  36. @ Clem

    LinuxMint already has the new Firefox installed, so I just checked my Firefox for version and it is already version 57.04. So there is no more update necessary. Now I wait for Intel-Microcode and Vivaldi.

  37. @ Clem

    One question to this instruciont of you:

    “Stay away from 3rd party applications, proprietary in particular”

    But: graphics-drivers, intel-Microcode and so on are also 3rd-party applocations or not??
    There we should not stay away is my opinion. Graphics-drivers and such Microcodes should be updated. And how are thing with apps in flatpack?? Are these apps patched??

    There an information referring to this point would be welcomed. Because I hade done a new clean install of LinuxMint 18.3 the last days together with a complete new setup of my mothers PC with Windows 10. There the version-upgrade also caused big trouble and this was only to rule out with clean fresh install with a previous reset of her old system (she still refuses to Linux, what I dislike :-/ ).


  38. VMWare stopped working after updating to latest kernel 4.13.0-26-generic. VMWare Workstation 12. It says before you can run VMware, several modules must be complied and loaded into the running kernel. Any thoughts?

    1. Hi Daniel,

      Kernel 4.13 series is too new for VMware Workstation Player 12, there’s a newer version VMware Workstation Player 14, but noticed a bug, created VM’s do not appear in the main window (VM can still be launched by double clicking their .vmx file in the corresponding folder)

      – Latest version 9th Jan. 2018

  39. That’s why I love Linux Mint: Update Manager -> Linux Kernels -> 4.13.0-26 and the magic happens … All right also with the update from Nvidia to version 384.111. Thank you!

    #dkms status
    bbswitch, 0.8, 4.13.0-26-generic, x86_64: installed
    nvidia-384, 384,111, 4.13.0-26-generic, x86_64: installed

    #uname -a
    Linux Aspire-E5-573G 4.13.0-26-generic # 29 ~ 16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64 x86_64 x86_64 GNU / Linux

    Acer Aspire-E5-573G-58B7

  40. @ Clem

    One more question referring to this of you:

    “You should stick to the kernel updates available in the main screen of the Update Manager. If you do, these will always show the latest kernel available for the series you’re on, and that series either is LTS (kernel 4.4 in Mint 18.x) or HWE (currently 4.10), both of which receive security updates.”

    There I would like to know, what’s the difference between LTS and HWE? What does HWE mean? LTS is clear to me: Longtearm-Support. But HWE??
    This would interest me.


  41. hi Maurizio Tosetti January 10, 2018 at 9:19 pm

    Referring to your comment, one question:

    “I do apologize for my previous reply. But I was in total panic. Anyway I made the upgrade. I have a problem with gpu. I have a Geforce 9600s .There is a resolution of 640 x 480 and after few minutes the screen became dark and machine goes in stand -by mode. My driver version is 340.102..”

    Do you have your electricity on?? You should just plug in your electricity-cable. You seem to run on battery-power or?? For me this happens after a longer time, when I am on battery-power without electricity. 😀

    1. @Andrea Yes It’s obviously It’ s a pc desktop. There is the electrity. After the monitor in 640 *480 resolution and standby mode. I made a disaster. I tried to backward with system kernel and I failed . I installed old driver version 340.102. Anyway I lost every Nvdia configuration setttings. Actual kernel 3.13.139.
      Today the pc have a correct resolution and it’ s disapper the standby mode. But after few minutes of use the cpu temperature increase till 80 degrees after I have watched a Youtube. Before I was 45 50 degress

  42. Didn’t seem to do the trick.

    cc1: some warnings being treated as errors
    scripts/ recipe for target ‘/tmp/modconfig-4f4RXG/vmnet-only/bridge.o’ failed
    make[2]: *** [/tmp/modconfig-4f4RXG/vmnet-only/bridge.o] Error 1
    make[2]: *** Waiting for unfinished jobs….
    Makefile:1550: recipe for target ‘_module_/tmp/modconfig-4f4RXG/vmnet-only’ failed
    make[1]: *** [_module_/tmp/modconfig-4f4RXG/vmnet-only] Error 2
    make[1]: Leaving directory ‘/usr/src/linux-headers-4.13.0-26-generic’
    Makefile:120: recipe for target ‘vmnet.ko’ failed
    make: *** [vmnet.ko] Error 2
    make: Leaving directory ‘/tmp/modconfig-4f4RXG/vmnet-only’
    Unable to install all modules. See log for details.

  43. Sorry, I should have put

    January 10, 2018 at 10:51 pm

    VMWare stopped working after updating to latest kernel 4.13.0-26-generic. VMWare Workstation 12. It says before you can run VMware, several modules must be complied and loaded into the running kernel. Any thoughts?

    Linux Mint
    January 10, 2018 at 11:43 pm

    Hi Daniel,

    This is untested but worth a try. Create a snapshot before trying it.

  44. Mint is actually faster after update. Only problem I have is I don’t get a logo anymore.
    I get the working screens, which are normally hidden behind the logo.
    This has been happening since upgrade to 18.3.

  45. With the latest 4.13.0-26 Kernel+all available it appears to break the driver manager recommended Nvidia 340 driver. This is on a laptop and prime indicator also doesn’t work. not 100% sure if its the Kernel change or something else. The issue does see to fix it self if install Nvidia 384.111…except now then the driver manager indicates I’m using the software drivers… strange… BTW this was a clean install.

    1. Yes your right but all I had to do was uninstall the Nvidia driver then after reboot reinstall the Nvidia driver and after reboot everything worked fine. It’s kind of weird but that is all it took with the 340 driver for me.

  46. Need Help!!!! Getting the following errors when trying to update the kernal:

    Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
    Consult /var/lib/dkms/ndiswrapper/1.60/build/make.log for more information.
    Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
    Consult /var/lib/dkms/nvidia-367/367.57/build/make.log for more information.
    run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    update-initramfs: Generating /boot/initrd.img-4.13.0-26-generic
    Warning: No support for locale: en_NZ.utf8
    run-parts: executing /etc/kernel/postinst.d/pm-utils 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    Generating grub configuration file …
    Found linux image: /boot/vmlinuz-4.13.0-26-generic
    Found initrd image: /boot/initrd.img-4.13.0-26-generic
    Found linux image: /boot/vmlinuz-4.10.0-14-generic
    Found initrd image: /boot/initrd.img-4.10.0-14-generic
    Found linux image: /boot/vmlinuz-4.4.0-53-generic
    Found initrd image: /boot/initrd.img-4.4.0-53-generic
    Found Windows Boot Manager on /dev/sda1@/EFI/Microsoft/Boot/bootmgfw.efi
    Adding boot menu entry for EFI firmware configuration
    Setting up linux-image-extra-4.13.0-26-generic (4.13.0-26.29~16.04.2) …
    run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    run-parts: executing /etc/kernel/postinst.d/dkms 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
    Consult /var/lib/dkms/ndiswrapper/1.60/build/make.log for more information.
    Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
    Consult /var/lib/dkms/nvidia-367/367.57/build/make.log for more information.
    run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-26-generic /boot/vmlinuz-4.13.0-26-generic
    update-initramfs: Generating /boot/initrd.img-4.13.0-26-generic
    Warning: No support for locale: en_NZ.utf8

    1. hi bananabob

      It seems, that this kernel 4.13.0-26 doesn’t seem to work for you. Then you better install the kernel 4.4.0-108 or even 4.4.0-109. This works like a charm for me. And then remove this old kernel.


  47. Good morning from Germany.
    Thanks a lot for all your work.
    Well lets say; I am since many years a hobby user of linux.
    Yesterday i did all the updates in the update manager.
    Luckily linux is working still, but not the higher monitor resolution of the nvidia driver.
    This morning i find Kernel 4.4.0-LTS 1 in the update manager.
    It did not work to update, insteed It said I should run something on command line, which i cant remember properly and i dont want to try again.
    Better to use the pc with this low resolution than a full crash.
    I tried to install timeshift, it said: another application is useing at present APT: dpkg
    Of course as a hobby user i prefer easy and clear gui-graphical user interfaces.
    I can use the root terminal, but of course i loose controll and dont know more or less what i am doing. There need of a profi. is a basic.

    Linux Mint Rosa 17.3 – 64 bit
    Kernel : 4.4.0-109
    Nvidia-340 it says recommended
    Firefox: 57.0.4 – 64 bit

    Anyhow thanks in advance

    1. This morning i find Kernel 4.4.0-LTS 1 in the update manager.
      I got the information now again:
      E: the dpkg-Prozess was interrupted; you must do manuelly »sudo dpkg –configure -a« ,(um das Problem zu beheben) to solve the problem.
      E: _cache->open() failed, please report.

      Will it solve my above mentioned monitor resolution problem?
      By the way it is an AMD cpu.

  48. I had some problems which may be of interest. I had problems when I installed the Nvidia driver 384.111 first, then the 4.4.0-109 kernel. Installing the kernel first, then the Nvidia driver works on my system. More info in this forum thread, particularly the 11th post:
    I wanted to throw that out here, just in case there really is some sort of installation order dependence.

    But it may be something else that caused the problem. I have a vague memory that the first time I installed the 109 kernel (after installing the Nvidia driver) when the update manager gave me a message about items being installed with that package, there were only 3 (I think) items, but when I later installed the 109 kernel (before installing the Nvidia driver, and still using Nouveau) there were more (about 6) items in the list. So I don’t know if it’s really order dependent, but if you’re having a problem, maybe worth trying to install the kernel before the Nvidia driver.

    1. The order shouldn’t really matter. The absence of the headers could have been an issue though, this was fixed with the 4.4.0-lts1 update.

  49. Successfully moved from 4.8.0-53 to 4.13.0-26. I removed nvidia drivers, restarted the system, reinstalled the drivers and everything is up and working.

    Thumbs up for Linux Mint Team!!!

  50. Ok, this is my personal take on this. Let me get that straight, right now the world is on panic mode like a deadly human virus has been found and we are all going to die. Developers are scrambling to patch things here and there without testing everything and breaking thousands of perfectly working systems because MAY BE you could catch a virus that could exploit that faille even though no such attempt have been identified in the world.

    There are a lots of system vulnerabilities in software identified every day since the computer creation and eventually get fixed. But this particular one which has exist for years is supposedly the biggest threat to humanity. I will not be rushing to patch anything until this panic mode recede and cooler heads prevail to get the proper system corrections. I rather have a fully functioning machine then a broken and cripple one just in case I could ,may be, somehow catch a virus which I never did any in my life.

  51. Linux Mint 17.3 Cinnamon on AMD Phenom x3 with NVIDIA C77 [GeForce 8200] now running latest NVIDIA driver 304-135-0ubuntu0.14.04.1 with kernel 4.4.0-109-generic – your recommended driver 384-111 appears in neither Driver Manager nor Update Manager – do I need to get it elsewhere or will it become available shortly?

  52. hi Clem

    Wanted to come back to say, that – also after the updates – everthing is working fine here. Just waiting for the mocrocode-Updates of Intel and these others. When will they arrive??


    1. They already arrived, i have seen the microcode intel update in the update manager today, and installed it, update your update manager to see it in the list of updates available.

  53. My currect linux kernel says

    the update manager offers as level 4 update. normally i only stick to level 1 and 2.

    should i choose this one? or else where to get

    1. All 4.13 kernels starting with include the fix. offered by the Update Manager is already the next version. You can use it. I updated from 4.10 to 4.13 and I’m experiencing problems with the new kernel on 2 different machines. On one of them I went back to a kernel 4.4 (they are also patched) because it wouldn’t boot with 4.13. On the other one I switched from the NVIDIA driver to the open source graphics driver. Kernel 4.13 is running fine on another 2 machines at work so it may work for you, too.

  54. I have clean install of 32 bit Linux Mint 18.3 xfce on an old Dell laptop. I have updated the kernel to 4.13 and applied all the other updates. I ran the Spectre and Meltdown mitigation tool mentioned in this thread and I get the output below. This shows the ‘Spectre Variant 1’ vulnerability is mitigated, but the ‘Spectre Variant 2’ and ‘Meltdown’ vulnerabilities are not mitigated.

    Is this the expected output?

    Spectre and Meltdown mitigation detection tool v0.27

    Checking for vulnerabilities against live running kernel Linux 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 21:38:24 UTC 2018 i686

    CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’
    * Checking count of LFENCE opcodes in kernel: YES
    > STATUS: NOT VULNERABLE (805 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

    CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’
    * Mitigation 1
    * Hardware (CPU microcode) support for mitigation: NO
    * Kernel support for IBRS: NO
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * Mitigation 2
    * Kernel compiled with retpoline option: NO
    * Kernel compiled with a retpoline-aware compiler: NO
    > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’
    * Kernel supports Page Table Isolation (PTI): NO
    * PTI enabled and active: NO
    > STATUS: VULNERABLE (PTI is needed to mitigate the vulnerability)

    A false sense of security is worse than no security at all, see –disclaimer

    1. We’re probably going to see updates related to Meltdown and Spectre all year and new types of exploits based on these could be discovered. Keep applying security updates as they become available.

      On most computers, the biggest issue with security is the user. Applying only the security updates you see listed here as opposed to what’s available in the update manager would be a mistake. That blog post will never be exhaustive, and neither will that script. Running a script from a website you don’t know (luckily this one looks legit) is something you should never do. We’re advising you the best we can but in the end of the day there’s only one sysadmin on your computer, and it isn’t us, it’s you.

  55. As a non technical computer user of the Linux O/S I rely very much on the Update Manager to keep things up to date and functioning correctly. That said, I was also taught that installing L4 & L5 updates is not advisable because it can lead to system instability.
    I would therefore appreciate guidance regarding the last update that included several L4 and L5 notifications which were not highlighted to be updated even though these non-selected updates refer to:
    In view of the recent press comments about two potential security problems, would it be best to install these level 4 & 5 upgrades contrary to the note at the bottom of the window that informs me my system is up to date? I suppose I’m really asking if I should treat the kernel update as an L1 update?
    My system info:
    Operating System: Mint 17.1 Cinnamon 64-bit
    Cinnamon Version: 2.4.8
    Linux Kernel: 3.13.0-37-generic
    Processor: Intel Core i5-4460 CPU @ 3.2GHz x 4
    Graphics Card: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller

    1. The update level isn’t an indication as to whether or not you should or should not install updates. You should ALWAYS install security updates. It’s an indication of how sensitive the package is on your system. If anything it’s an indication of how careful you should be when installing it. In other words, if you see a level 4/5 security update, you need to install it, but it’s a good idea to make a system snapshot beforehand.

  56. After kernel updates, multiple computers work faster and better than before. (Smoother video play back, quicker startup/shutdown, snappier response, etc.) Can anyone explain why?

    1. Updating from 4.10 to 4.13 has caused problems on 2 of my machines while 2 others are working fine. If 4.13 is causing trouble on your computer you can try 4.4 which is also patched. If your computer does not boot fully after the update to 4.13 restart it and select a different kernel in the advanced boot options of the grub boot menu.

    1. No. The LM 18.3 iso packed with kernel 4.10. You should update the kernel into 4.13.0-26 or install kernel 4.4.0-109, right after installation.

  57. I’ve updated to Kernel 4.13 and now wifi is gone, i can not connect with Linux Mint 18.2, any idea what the problem can be ?

  58. .I have made the updated in my Linux Mint from kernel 4.10 to 4.13 as it appears in the update manager, and now wifi is gone, i can not connect to my wifi. What could be the problem, any idea ? How to fix it ?

  59. @DaveB I have and old pc . It’s 10 years ago. Is it compatibile Linux Mint 18.3 It’ s Core 2 processor

    1. @ Maurizio
      Having installed Mint 18x on several old computers (one was a C2D CPU), I’d say give it a try. if Mint live session fails to boot, try booting with nomodeset.

      Without knowing which version you will be installing/trying, check the release notes for further tips

  60. I’m using kernel 4.4. Updates proposed me to install kernel 4.13.0-26. After the installation, impossible to start a Virtualbox VM. Th eVM AND Linux Mint freeze. I uninstallad kernel 4.13.0-26 and placed it in the backlist.

    1. We discussed this problem above. This is a known bug running Virtualbox 5.0.40 in kernel 4.13. The solution is to uninstall 5.0.40 and install 5.1.30 directly from Please refer to the steps above.

  61. I came back to kernel 4.10.0-42 in my linux mint 18.2 and wifi came back, so there is a problem with kernel 4.13.0-26 that makes me impossible to connect to wifi.
    If you need change kernel, come back to previous kernel, during the boot, press shift or escape key and choose the kernel to boot with, then delete the new kernel which is wrong in the update manager (in my case i deleted kernel 4.13.0-26). Now if you reboot, you’ll use the last kernel intalled (in my case 4.10.0-42).

    1. My laptop wouldn’t boot with the 4.13 kernel so now I’m using the patched 4.4 kernel, not any unpatched 4.10.

    2. If kernel 4.13 doesn’t work for you, just go to kernel 4.4.0-109, as kernel 4.10 are vulnerable against Meltdown and Spectre.

  62. LMDE 2 user, I can work with terminal but I’m not at all an expert
    Kernel update went totally fine.

    At least on my LMDE2,, Timeshift is NOT preinstalled / available in App Menu btw, and you can not install the actual git version 17.11, however 17.2 works ( Unfortunately Timeshift requires 150GB free EXT4 memory here for an image, which I can not provide at the moment, so archived the system with another tool for updating NVIDIA drivers.
    Downloaded NVIDIA driver .run FIle
    Installer tells me to stop X session, which is of course not a problem
    Next try, after “decent” warnings installer aborts again and tells me to remove thee debian-packages first before using .run file. But which packages does it mean exactly?
    I have to admit I hate nothing more than installing nv-drisers manually, everytime I did that ended with minor display issues in the best case or failing x-sessions and reinstalling Linux in the worst case.

    How critical in security would it be to remain on the legacy 340 branch and/or is it already sure that there will never be a backport?

  63. When it is planned to add 340.104 Nvidia driver in the repository “Ubuntu updates” to work with the kernel of 4.13?

  64. After Kernel update in Linux Mint 17.3 to upstream 4.4 the system does not boot anymore. Alfter loading kernel it reboots … so switching back to the old kernel .

    Please fix it !!

  65. I was running 17.1 and upgraded to 18.3 and am currently running 4.13.0-26 and am still vulnerable to Spectre am I missing someting?

    Spectre and Meltdown mitigation detection tool v0.27

    Checking for vulnerabilities against live running kernel Linux 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64

    CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’
    * Checking count of LFENCE opcodes in kernel: NO
    > STATUS: VULNERABLE (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

    CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’
    * Mitigation 1
    * Hardware (CPU microcode) support for mitigation: NO
    * Kernel support for IBRS: NO
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * Mitigation 2
    * Kernel compiled with retpoline option: NO
    * Kernel compiled with a retpoline-aware compiler: NO
    > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’
    * Kernel supports Page Table Isolation (PTI): YES
    * PTI enabled and active: YES
    > STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)

    A false sense of security is worse than no security at all, see –disclaimer

    1. These kernel updates fix Variant 3 (Meltdown). Ubuntu are still working on fixes for Variants 1 & 2 (Spectre).

  66. I have a year-old-laptop, so I’ve been using Mint 18.1 Cinnamon and the 4.8 kernel. I switched over to 4.13.0-26 per the security recommendation. This created a problem. I am using Samba to access a file server and had several directories shared from that server, auto-mounted from the laptop via fstab. I am still able to connect to the shared directories, but only in read-only mode — the directories that are set to read-write can not be written to when I use the 4.13 kernel. I used Timeshift to revert to 4.8 and read-write is working again. Has anyone run into this or know of a solution? Thanks!

    1. Same problem here, cifs also not working. Switching to kernel 4.4.0-109 solved the problem for me. Regards…

    2. OK, I was able to fix this.
      Under kernel 4.8, you could use just the generic ro and rw mount options in fstab to set shared directories as read-only or read-write, respectively.
      Under kernel 4.13, you need to use the cifs-specific uid=1000 option to set the directory as read-write (it makes you the owner of the files/directories so you can modify them.)
      (Thanks to

  67. Do we still need to try to update the processor ( some microcode BIOS update) ? I don’t remember where but I read intel had some patch that us, linux users we can drop that file somewhere and at boot time, it would do some update to the processor… Have I dreamed ? ( so no need to do so BIOS upgrade)

    1. All I’ve seen about such things is that they tell you to contact your manufacturer.

      The main problem there is that I have been trying to learn Linux Mint with a MPC ClientPro 385 and MPC Computers went out of business around 2006! I find the Intel vPro multicore in it is DANDY but it irks me to no end for Intel to cop out so badly. In the meantime I hold the whole story to be implausible, FAKE and made up by Google. I went to the Meltdown and Spectre website and was appaled that it really didn’t impart any new information to my and that the site owner seemed to be more concerned about you DOWNLOADED THE LOGO THEY MADE! Kindergarten!

    2. Core2 6300 1.86 GHz is my Linux machine, 6144 MB RAM and I apologize3, only one drive is showing in BIOS, 80 GB. Back to the books but I’ve never had such headaches setting up most Windows machines. I’m well past 50 now and not prone to learning non-Romance languages, so to speak.

    3. The microcode update should come via the update manager, i.e. through your Linux Mint installation.

  68. Will you PLEASE, PLEASE, PLEASE stop blindly recommending Nvidia driver 384.111 to all Mint users? Here is what the NVIDIA driver states when an install is attempted on an inappropriate video card:
    WARNING: The NVIDIA GeForce 9500 GT GPU installed in this system is supported through the NVIDIA 340.xx legacy Linux
    graphics drivers. Please visit for more information. The 384.111 NVIDIA
    Linux graphics driver will ignore this GPU.

    1. @Leo I agree with you. I lost my Gpu Nvidia settings. and Cpu temperature goes high level. I am thinking a clean installation. I need urgent support at @clem and all Linux Mint Team please.

    1. I have problems with VirtualBox 5.2.4 install. So using 5.1.30. VirtualBox 5.1.30 runs on 4.13 with no issues on kernel 4.13 Mint 18.3 KDE and Mint Cinnamon 18.3, on kernel 4.4 KDENeon, and Fedora 27 KDE (kernel 4.14).

    2. Hi VEGalin,

      VirtualBox 5.2.4 can only be installed after un-installing any older versions, otherwise the installer fails with an error. That aside, because of a current 5.2.4 theming issue (possibly due to version of Qt shipped with Mint), I’d stick with 5.1.30 for now.

    3. Thank you, Dave B, I’m going to stick to 5.1.30 in nearby future. Till official upgrades to 5.2 maybe.

  69. First of all, I’ve never really figured out HOW TO CLEAR OLD KERNALS AND SUCH to get my installation to the point where I won’t get the dreaded Boot Full message when I’ve got 2×80 GB drives.

    Therefore I find myself reinstalling and have done this 3 TIMES since I put it on one of my computers.

    To be honest, I have this computer that I run IE 11 and Firefox 57.0.4 under Windows 7. I was so fed up with all of this ‘nonsense’ which is attributable to ‘PRE-FETCHING’ IIRC and that’s 2/3rds of my lifetime of using computers PERIOD, that I removed nearly all Windows hotfixes prior to December 1. We’ll see.

    On top of that, FF 57.0.4 for Windows has become a hoggy piece of junk again on a Pentium G320 2.60 with 4 GB RAM!

    So I have low confidence in bothering to ‘fix’ my Linux machine. And as I said, a larger part is about all the piled up kernals and not knowing about how to even maintain that, I’m relatively new to Linux but I’ve used Windows for 32 years. While I like Mint a lot, this is a killer.

    1. Use the Update Manager. Go to the View menu, then Linux kernels. All the available kernels are listed. The one in use will be shown as Active, while others installed but not in use will be shown as Installed. You can uninstall those ones if you want.

  70. After doing this update, Virtual Box 5.0.40_Ubuntu r115130 crashes when starting Windows 10 guest. Has anyone found a workaround?

    1. Hi happyman,

      This has previously been discussed, simply remove VirtualBox5.0.40 using the following…
      apt remove –purge virtualbox
      (two dashes before ‘purge’)

      Then download VirtualBox 5.1.30 .deb file direct from the following link. You’ll need the 16.04 (Xenial) version (double click downloaded file to install).

      @Clem, For the future, for this particular software instance, is it possible to update Software Manager to use .deb files, rather than relying on Ubuntu (modified) repo versions? Many thanks. 🙂

  71. I can’t even install updates until I do, which is why this box has bee sitting for so long but for a few times surfing and checking mail while I fix the Windows machine. If they really wanted to make this helpful for novices it would weed these out for you and suggest changes or at least tell you what to expect. I’ll try this again but it was off-putting and highly confusing the last time I found it.

    1. I uninstalled two of the six or so that were only marked installed and then was able to run all of my updates and the Intel patch. I was surprised that my old computer didn’t shout I’m melting!

      But it’s 3 in the morning, my cat will wake up soon and nag me to get a nap.

    2. Hi Asynchronousman,

      Since you ask. Update Manager is the easiest, and safest method. Once you become more familiar with Mint, if you encounter this issue again, a more advanced method is to use Synaptic Package Manager.

      For example…
      In ‘Quick filter’ box enter linux-image
      On the (lower) left pane click Status, then (above) click ‘Installed’ to show a list of installed kernels. ***Be careful here, only remove unused kernels, if in doubt do nothing!***

      Best method is to not get into this situation in the first place, as soon as a newer kernel is installed, and you’re sure it works without issue, remove the older kernels (maybe except for one) with Update Manager.

    3. You can uninstall old kernels by typing “sudo apt autoremove” in a terminal (Ctr+Alt+T). It will remove all but the newest two kernels. First it will give you a list of items to be removed and then ask you if you want to continue, so it will be safe to do this.

  72. Thank Clem for tremendous work and excellent support!
    I’ve installed 4.4.0-109 and 4.13.0-26 (both, of course), and uninstalled all the other kernels, with Update Manager. So I have ASUS UV50vt, quite an old laptop, with only 3GB(!) RAM and Optimus(!) double GPUs but perfectly running (MBR mode, 64-bit all):
    1. Linux Mint 18.3 KDE (4.13.0-26) with upgraded Nvidia 384.111 (no bumblebee and primus), intel microcode 3.20180108.0;
    2. KDE-5.11.5 -Neon-dev-stable (4.4.0-109) with upgraded Nvidia 384.111 (with bumblebee and primus);
    3. Windows 10 Home with wonderful newest Firefox, Auto – most famous – 2018 CAD, and Photo – most famous and recent – Shop – all run perfectly(!); and
    4. Fedora 26 KDE (with bumblebee and primus), sorry, Clem 🙂
    And ASUS Z87Pro, not quite an old desktop, with 16GB of RAM, i7-4770 (no PCI videocard added, only HD4600 in use) perfectly running (UEFI mode, 64-bit all):
    1. Linux Mint 18.3 Cinnamon (4.13.0-26) (BTW, btrfs install, instant snapshots with Timeshift utility, and backed up to another disk btrfs partition with btrbk utility – automatically and on the running system, wow, thanks a lot!!!);
    2. Linux Mint 18.3 KDE (4.13.0-26);
    3. KDE-5.11.5-Neon(user) (4.4.0-109);
    and other non-ubuntu OS-es as well…
    Please hold on, and thanks again!

  73. I have upgraded from 4.10.0-42 to 4.13.0-26 as proposed by Updates Manager but after reboot the loging screen was to low resolution. After the login the screen was “black” for a few minutes then I had the desktop to low resolution. So I reverted to 4.10.0-42. I have an NVidia card (GForce 6150SE) which uses 304.135 diver. So, following a post in this discussion, I have (with 4.10.0 installed) removed the 304.135 diver in favor of the open source (xserver-org-video-noveau-1.0.12, in Driver Manager); after reboot I installed 4.13.0-26 and reboot. The 4.13.0-26 works with the open source driver.. Then I reinstalled the proprietary driver (304.135 from Driver Manager) and the reboot: screen to low resolution! It seem the 4.13.0-26 works only with the open source driver! At the moment I reverted all to 4.10.0 and 304.135.


  74. About VirtualBox problems, I’d recommend VirtualBox 5.1.30. It works OK on my Mints KDE and Cinnamon 4.13.0-26, and on KDE-Neon 4.4.0-109 as well.
    I remember that the Installation instruction for Ubuntu, and so for Mint as its derivative, may be somewhere deeper in a Downloads sub-tree at the official VirtualBox web site.

    1. And after install, do not make a “New” virtual machine but try to “Machine/Add” the current one. And it’d better to compress the current VM (“VirtualBox VMs” folder and *.vdi files) for backup to some outer location before 🙂

  75. On my laptop (Acer Aspire S3 MS2346) the 4.13-0-26 kernel breaks hibernation, switching back to 4.4.0-109 fixes this issue.

  76. All good installing and running new kernel 4.4.0-lts1 (4.4.0-109) on Mint 17.3.
    I removed old VirtualBox (apt-get remove —purge virtualbox*) and install 5.1.30 from vbox site. And it works find.
    But there’s still vboxguest in “dkms status” output:
    vboxguest, 4.3.18, 3.13.0-37-generic, x86_64: installed

    How do I remove/upgrade this module?

    1. Hello Yz.I am an absolute beginner.I am very confused.The information is contradictory.I write to you because I have Rosa 17.3 and I do not know exactly how to make the PC safe. How did you upgrade the kernel? The 3.19.0-32 kernel is currently loaded on my pc. Among those available for update there is no 4.4.0-109 kernel (the last one iso 4.4.0-098).
      But there is a level 5 update to 4.4.0lts1. What should I do?

    2. @Giorgio

      Just do the update to 4.4.0lts1 – that is what I did (Mint 17.3 KDE). I also did the update to nvidia 384.111 at the same time. Perhaps not the best idea because it didn’t go so well. After reboot I got a low resolution (1024×768 or 800×600 I think) and no option to change it. I tried going to nouveau (software driver via Driver Manager in Settings), but that was worse (640×480?) and I know from the past, nouveau never really worked for me. I then tried switching back to nvidia-384, and then all was good again.

      Updating nvidia drivers always makes me nervous (from past experiences from older versions of Mint KDE/Kubuntu going back to Mint 10 Kubuntu 10.10 – Kubuntu was always a pain so no I avoid it, Mint KDE mostly just works). I always hesitate upgrading as what I have works fine, but this time due to the security issues I upgraded. This is one computer of several with Mint 17.3, but the only one with an Intel CPU.

      After it seemed to be working (after a couple of reboots), I went back into Update Manager, View, Linux kernels, and selected the 3.19.0 kernel that was installed and Removed it (it was the only previous kernel I had installed as I usually don’t mess with upgrading the kernel – again, if it works, I don’t touch it).

  77. After installing the 4.13.0-26 kernel in Mint 18.3 Mate, I also experienced the freeze when starting a guest in VirtualBox. After reading the comments here, my personal fix was to install the 4.4.0-109 kernel. That works for me, as I do not require a newer kernel. My usage of VirtualBox is minimal and intermittent, so I can wait for an official fix, whether it will be an update of 5.0.40 or an upgrade to 5.1.30 or 5.2.x.

    They will have to fix VirtualBox, won’t they?

    1. I know not everyone is running latest Linux Mint 18 but it says here that if you are, then need the 4.13.0-25 kernel to address the vulnerabilities. I did follow what someone suggested here is to upgrade the version of VirtualBox to 5.2 and things are working again.

      Here is what I did:
      1. sudo apt remove –purge virtualbox*
      2. sudo sh -c ‘echo “deb xenial contrib” >> /etc/apt/sources.list’
      3. Went into Synaptic Package manager and “Reload”. Then Search for “virtualbox*” and select virtualbox-5.2 and apply. (I am sure there is a command for this).

    2. For each version of Mint there are eventually two currently supported kernel series – the LTS series, which for Mint 18 is (and will remain) 4.4, and HWE, which for Mint 18 has just moved from 4.10 (and previously 4.8) to 4.13. HWE for Mint 18 will in a few months move to and then remain 4.15, which will also be LTS for Mint 19.

      Patches are being rolled out for both 4.4 and 4.13, so in that regard 4.4.0-109 is equivalent to 4.13.0-26.

  78. The new Nvidia Driver is driving me crazy.
    Even with nothing open the Graph of the CPU has mini freezes.
    Playing Games is not really possible.

  79. It not clear to me which I should use as I’m on Linux Mint 18.3 – do I use 4.4 or 4.13 (how do I know whether I’m HWE or not)? Both work for me, just not sure of the difference. No issues with NVIDIA or Microcode at all which was good to see.

    4.4 series (Linux Mint 17 HWE and Linux Mint 18 LTS): patched in 4.4.0-108
    4.13 series (Linux Mint 18 HWE): patched in 4.13.0-25

  80. I installed the new kernel and microcode and the result was unexpected. CPU frequency was all over the place and my laptop (MSI GP70 2QF) became unusuble. It was slow and Netflix was stuttering.

    Reverted back to the old kernel and everything is back to normal.

  81. @those who suggest a Linux only environment, that is simply not happening, no matter how good Mint or other versions are. In the real world I have to deal with really old software and machines that as yet do not play well with Mint…YES, it happens.

    The entire point is that you need to be versed in many things to handle problems. It is not a partisan world, this fails to solve any problems.

    Having worked up from TRS-80s through Apple II series/clones and an HP 3000 in college before ever touching a PC or Windows I would hope I have a perspective on this. I am also over 50 now, obviously and tire of solving the ‘world’s problems’ some days…some thoughts for those the LM team promised a more Windows like environment to would certainly help. Your paradigm works differently but make no mistake, it’s the same stuff, new box. As I grow older though I find I like older things more EXCEPT Windows 10. Windows 7 was the best and most agreeable as well as solid refreshing of XP I’ve ever found and I do like it. Firefox ‘Quantum’ is a crapshoot on Windows though, an AFTERTHOUGHT. That reminds me of why I wet to IE 5.5 when Netscape 6 was introduced. And I’m not married to computers…I like to fix old bikes, make tape recordings and CDs and enjoy my cats in between housework, and this takes too much time and screaming now and then.

    1. Having to deal with old computers would be a point in avour of Linux rather than a point against ist, though. Windows just doesn’t work well with older machines. In the Linux world there is always one distribution that is the solution to your particular problem!

  82. And by the way, this ‘problem’ has existed for the entire life of the public internet, it’s not Defcon 5 and sensationalism (formerly yellow journalism and rebranded as fake news by the shallow and weak sighted) has not helped anything. Pre-fetching is not a cardinal sin. We’ve seen these efforts to patch so-called ‘memory leaks’ for several years now. The division errors in the early Pentiums, THAT was a problem, bigtime.

    There is a world of difference between the results I got on this machine and the WIntels. As such I have set mine back to the ‘pre-hysteria’ stage and watch the updates closely. It’s not the first nor the last time I’ll do it.

    And quite frankly I don’t buy my toilet paper online but I’ve always been sure somebody know your preference.

    Adopt a more mature view about it, no problems are truly theirs or ours *unless they are.

  83. 1. I have Linux Mines 18.3, the kernel 4.10
    2. I upgraded the kernel to 4.13
    3. Virtualbox 5.04 does not work.
    4. Kazam does not work.

    Question: Who needs this update?

  84. I am an absolute beginner.I am very confused.The information is contradictory.I write to you because I have Rosa 17.3 and I do not know exactly how to make the PC safe. How did you upgrade the kernel? The 3.19.0-32 kernel is currently loaded on my pc. Among those available for update there is no 4.4.0-109 kernel (the last one iso 4.4.0-098).
    But there is a level 5 update to 4.4.0lts1. What should I do?

    1. Ciao Giorgio. Dal nome, immagino tu sia italiano come me. Io uso mint 18.3 cinnamon, ma la procedura dovrebbe essere la stessa. Dovresti impostare il gestore degli aggiornamenti in modo che mostri sempre gli aggiornamenti del kernel. Lo puoi fare in…. Modifica > Impostazioni > Mostra sempre gli aggiornamenti del kernel. Una volta selezionata l’opzione, Applica. Fagli fare una nuova ricerca degli aggiornamenti, quindi installa la nuova versione del kernel che ti viene proposta.

    2. (In general speaking) I’d like to suggest “Ukuu” (Ubuntu Kernel Update Utility). It’s so simple to install or remove kernels with just 2 clicks and also to see / follow the new kernels available. sudo apt-get install ukuu
      Or from Synaptic..

      Meanwhile, I’ve been running with the latest kernels so far without any problems (and 4.14.13 at the moment).. But only with 4.13 I had problems and the screen got frozen in green color… Yes, you’ll say it’s already known that it’s risky to use the newest kernels and wireless or printers may not work..

      But the strange thing is that other distros I’d tried (just to have a see) which had the kernel 4.13.x “originally”
      (Lubuntu, Kubuntu, Xubuntu -17.10- and even MX Linux 17 -which is not Ubuntu derivative-) did the same thing, frozen.. So that it affected the Bios.. – Bios settings were changed – …

      ( HP 32 bit laptop – most cards are Intel )

      I was wondering if I were the only one to have problems with that kernel.. I’m praying for L. Mint 19 to be based on higher than 4.13 🙂

    3. Hi Giorgio, I have 17.3 also – the correct kernel update is 4.4.0.lts1 as recommended by Update Manager – this installs as which is the correct patched version . The rule is to follow the recommendations of Update Manager (unless it breaks your system!).

  85. Grazie Gianpiero !
    Sì, hai azzeccato ! Sono di Milano. Provo subito il tuo consiglio.
    Grazie !
    Ho fatto, ma nell’elenco dei kernel disponibili continua a fermarsi al 4.4.0-98. E il primo disponibile è il 3.13.0-100.
    Nel gestore aggiornamenti c’è, come dicevo, una nuova versione disponibile (di livello 5): 4.4.0-lts1, ma è solo 1kb. Hai idea di che significhi? Non ci capisco più nulla. Grazie per avermi risposto.

    1. Io risiedo in un paesino della bassa Bergamasca. Non ho proprio idea, a questo punto, di come aiutarti a risolvere il problema. Ho lasciato mint 17.3 quando è uscita la versione 18 e, da lì, ho seguito man mano i nuovi aggiornamenti. Forse ti conviene fare altrettanto. Oppure, attendi i consigli di MINT o di qualche altro utente più esperto di me. Ciao

    2. I made a clone (with USB Parted Magic stick – Clonezilla utility) of the system partition as Clem recommended and successfully updated Linux Mint KDE 17.3 to 4.4.0-lts1 (automatically downloaded 4.4.0-109) after it.
      Asus z87pro i7-4770, uefi, 64-bit.

    3. Ciao, sai che il 4.4.0-109 compare nella lista PRIMA del 4.4.0-98, vero? Precisamente, prima del 4.4.0-21. Se comunque non lo vedi, installa 4.4.0-lts1. Credo sia una sorta di metapacchetto. Dopo averlo installato, nella lista dei kernel dovresti vedere il 4.4.0-109.

  86. If successfully upgraded the kernel to LM 18.3. Everything seems to be working still for me.

    However the update manager still shows 4.10.38 as an “update”. What to do with that? just ignore it?

    1. I usually install the older kernel if showed in Update Manage, and uninstall it immediately. So the previous version of kernel is not seen in Updates anymore. Exception is 4.4.0-109. It’d better to uninstall all except the recent officially recommended versions – 4.4.0-109 and 4.13.0-26, I think. If a problem with one of these versions then booting into another can help.

  87. Note that, when you upgrade the kernel and reboot the system, the older one remains installed, but the active kernel is the new one. You can uninstall the older one later, but this is not necessary.

  88. Thank you Clem for such clear and concise instructions on how to protect ourselves.
    I followed them to the letter on our three computers here at home, and warned all my relatives.

  89. I have Linux Mint 17 KDE, 3.13.0-139-generic
    But, what about microcode?
    “dmesg | grep microcode” snow no update, ever!
    Do I need microcode update?
    If yes, how to update microcode?

  90. Hello Mint team,
    I’m running cinnamon 18.3 and I’ve changed the kernel from 4.10.0-38.42 to 4.4.0-108 (updated later to 4.4.0-109). Also from drive manager I’ve installed intel-microcode version 3.20180108.0 (and firefox was already updated)…
    Am I OK with these steps?

  91. Thank you for responding to GreenHorn’s query by providing advice regarding the importance of installing security updates. That said, please excuse my ignorance but, as a non technical computer user of the Linux O/S, how do I work out if the L4 / L5 files xorg-server, linux, linux-firmware & linux-kernel have security implications?

    1. They DO NOT have security implications. They MAY have them with non zero probability.
      As if driving car, the drivers may not always come to their destinations, but in most cases, they get to them as planned…

  92. Time shift takes up too many resources. They can only be put to out to a Linux file system, like ext4. It won’t go to a “fat” drive. I don’t have very much room left on my Linux partition. It’s easier to just back up home files, and do a total rebuild, if it crashes.

    And even though timeshift is on default 18.3 it can’t run the preferred type of snapshot because it’s the wrong file system even on the Linux partition. So it can’t run.

    I have Linux mint mate18.3 32 bit on my 32 bit Dell Optiplex computer, and 18.1 64 bit on my 64 bit Dell Inspiron. I didn’t see about the virus in the blog till Jan. 13th, then after that I upgraded kernel and other level 4 security updates, level 5 on 18.1. They upped the level numbers at 18.2. So 18.1 5 level is the same as 18.2 4 level. After the Kernel and all security updates, no problems. Mate is the best. I tried 17.0 cinnamon, and 17.1 xfce. Software is not updated, and it doesn’t work well. And 18.2 xfce. The smplayer used to crash a lot on 18.1 mate. But lately, it’s been working well after recent updates. So any mint mate 18 level works good. The update manager keeps it up. But if a rebuild has to be done use 18.3, the latest. After all the security updates they ought to put out an 18.4. Using 64 bit is the best if you can.

    I use Firefox 57 now. I was holding on to 56 till I heard about the meltdown and specture. Then updated that and totally rebuilt Firefox. 57 works well with the Ublock addon. And maybe NoScript. But Ublock seems to work better in 57 than 56, and might not need NoScript. Couldn’t find any other addons to work well on 57. They want you to install other software. So how is that better to use web extensions than legacy? I got Waterfox now, if I want to use legacy addons.

  93. Hi folks: I am attempting to escape the tyranny of Microsoft. I am not a programmer nor do I wish to be. I am happy to leave that to talented, bright minds such as you. I was attracted to Mint because of the GUI interface which is somewhat similar to Windows XP which I enjoyed so much. As a writer, I have little spare time for learning programming languages in order to install updates. I know most of you are volunteers and I admire that very much. Is there a simple way you can compile these needed changes into a series of actions that a “layman” like me can solve by adding a password and simply pushing a button to achieve said changes?

    Thanks for all you do. I’ve spent the last three days attempting to get a Brother Laser Printer to work with Mint so I can get on with my work. I mistrust large tech giants such as Microsoft, Apple and Google… or whatever they have decided to call themselves today. I don’t do Facebook, Text or Twitter. Years ago, I did CP/M and DOS. I am tired of perpetual change. I want something I can depend upon. Life is short and I am old. I am also a songwriter with more than 1000 published songs. (None are on the charts… LOL! but there is always hope.) My E-mail address below was recently “hacked” and I am in the process of deciding on a more secure provider… so if you attempt to contact me at AOL, you will join a long line of twenty years worth of valuable contacts and friends I now am unable to communicate with. AOL has been acquired and the new owners obviously do not give a rip about long-term users of their service. (Now Verizon… and they also acquired Yahoo)

    Cheerio and best regards,

    Dave Rice

    1. Normally, all the required updates should be displayed in the (graphical) Update Manager automatically. All you have to do is check if they are selected (kernel updates may be deselected by default), hit “Install Updates” and enter your password.

  94. @Linux Mint Team “Note: If intel-microcode isn’t installed on your computer, run the Driver Manager to see if it’s needed.”

    Can you elaborate on this? v 3.20180108.0 does not appear in Update Manager, but does appear in Driver Manager. Top line with radio button (not highlighted) shows the correct intel-microcode version & description. Bottom line is with radio button (highlighted) showing “Do not update the CPU microcode”. Upon choosing the top button, the Apply option becomes highlighted. Does this indicate the microcode is not installed and needs to be?

    After clicking Apply, it completed with an option to reboot, which was accepted. But how to verify if it installed properly?

    $ dmesg | grep microcode
    [ 1.455256] microcode: sig=0x1067a, pf=0x1, revision=0xa0c
    [ 1.455285] microcode: Microcode Update Driver: v2.2.

    $ grep ‘microcode’ /proc/cpuinfo
    microcode : 0xa0c
    microcode : 0xa0c

    Kernel upgrades went perfectly on two desktop PC’s, both 18.3 with 4.13.0-26. This is a great service the Linux Mint Team is providing and your dedication is appreciated. Thank-you

  95. I had a problem with nvidia 340 drivers non working with the new kernel, the nvidia 304 driver worked but with the panel non responsive to mouse clicks. I solved it by manually removing all 340 related packages (dpkg -l | grep nvidia*), installing 340 openCL (sudo apt-get install nvidia-opencl-icd-340) and then selecting the nvidia 340 driver from driver manager. Now I have a perfectly working 4.13 kernel with nvidia 340. I had no problem with virtualbox, I have the 5.1.30 release but guest-dkms, guest-utils and guest-X11 are still at 5.0.40

  96. Hello, i’ve changed the kernel from 4.10.0-38.42 to 4.4.0-108 and installed intel-microcode version 3.20180108.0 on LM Cinnamon 18.3, but i’ve made all these yesterday (Jan 14).
    Do i have to make a clear installation (because many days passed before changes) or i’m ok?

  97. Alright so having kernel 4.4.0-108 installed on linux mint 18, with NVIDIA driver 340.102 (I have the old 9600 GT card) should be fine then? Because this is confusing.

    1. Hi @JohnNada I have same trouble but I have Mint 17 I resolved with a clean install with default Quiana. I have disabled all system updated and I have no INTEL debug PATCH. We have old Gpu graphic. Please @clem @linuxmintteam resolve with stable nouveau driver I am tired of this situation! Or Canonical and Mint Team ask to Nvidia to release universal drivrer for old Gpus Now I can’t make anything new system Update . If I made it my Pc will be broken…

  98. This security fix should be level 2 or 3. Because, all users of Linux Mint with updates level 1 to 3, without security update shown (or not updates level 5) will not have this update. This is unacceptable.

    1. Levels do not indicate the nature of the updates and certainly not whether they should be applied or not. Security updates are shown for all releases by default (no matter what level they are).

  99. Installing the Intel microcode won’t help with Spectre if your CPU is over five years old: all that will happen is that microcode used by older CPUs get updated to the latest version of the code, same as in the last BIOS update for your system. It won’t do any harm, probably, but won’t mitigate Spectre problems.

    Just sayin’.

    1. @Hubert Sanchez Google invented the whole thing in the first place, and now everybody is freaking out about their ‘old’ machines and somebody has supposedly found a way to shut off the Intel Management Engine etc….

      It’s all about TAILFINS. The Chinese already know what you buy from Amazon, don’t care if your TP is two-ply and are too broke to recycle your plastic junk into new plastic junk. If you are doomed you were doomed most of your life. Naught, it matters, and if it did, what then?

  100. I have a Dell Latitude E6510 Business Laptop, currently using LM 17.3 and NVIDIA-340. The Nvidia card is a GT218M (NVS 3100M).

    So NVIDIA patched their drivers for Meltdown/Spectre and quietly dropped support for my video card (and others) in the same upgrade (to 384.111)? Quoting Linus Torvalds: »Fuck NVIDIA!«

    1. Why do you advice to upgrade Kernel version 3.13.139 ? is it better to use Kernel version 3.16 ? @clem @linuxmintteam I have no support of Nvidia Driver for old gpu Nouveau driver doesn’t work with 3.13.139 version It’s better to use 3.16 so I can use Open source. Please @linuxMint takes considering my suggestion. Thanks.

  101. After installing the 4.4.0-109-generic kernel on Mint 17.3 my desktop and a few applications started flickering (rapidly displaying approx. 2 cm horizontal white and black lines). The cause looked to be the graphics driver and fortunately there was a helpful message in /run/motd.dynamic (which was not displayed after logging in in a terminal window but was displayed in a virtual terminal using Ctrl+Alt+F1):

    WARNING: Security updates for your current Hardware Enablement Stack
    ended on 2016-08-04:

    To upgrade to a supported (or longer-supported) configuration:

    * Upgrade from Ubuntu 14.04 LTS to Ubuntu 16.04 LTS by running:
    sudo do-release-upgrade


    * Switch to the current security-supported stack by running:
    sudo apt-get install libgl1-mesa-glx-lts-xenial:i386 xserver-xorg-lts-xenial libgl1-mesa-glx-lts-xenial libwayland-egl1-mesa-lts-xenial

    Note the above 4 packages are applicable to the Intel integrated graphics in my system (using the mesa driver as per output of ‘inxi -G’), but after installing these packages and rebooting the flickering disappeared. So for solving any issues a quick look at /run/motd.dynamic might help.

  102. I am just wondering why should I upgrade or patch a PC that will never go online (I use it for simulation/design RF and microwave circuits) I am more concerned on speed than someone stealing from this PC. I hope that said patch will always remain optional on new linux/Mint (and also Windows) releases.

    does everybody agree?


    1. If you don’t go online with your PC and you control who uses it (i.e. no other user can install malicious software) then you probably don’t have to worry too much about this security issue. Note though, that new versions of Linux Mint will probably include all the fixes by default.

    2. I agree too, Alessio. If the wires are cut off (or disconnected) then no any attacks are possible. It’s like a physically isolated local system in military or alike. No any patches are needed.
      But an easier way looks like to use a sand box for the design system, or virtual machine. So you can use, for example, the recent and fully patched Mint as a main host OS connected to the world, but the virtual machine inside of host Mint may have no Internet connection, and no usb and optical drives support as well. So the virtual machine guest system can be from the rarest and relict Windows or other OS to the most modern one, with the newest design applications, no more vulnerable because of viruses or the internet surveillance from those who made them… 🙂

    3. If you are the only account that logs on to your pc then you can even go online without patching. A hacker has to have physical access to your machine before he/she can use this exploit. The real problem is in the cloud or when logging into a virtual machine in a multi-tenant environment.

  103. Good evening, I patched my mint like this:
    Firefox 57.0.4
    NVIDIA 384.111
    kernel 4.13.0-26
    But since, on firefox I think it’s very very slow. On some apps too when I have an open web window.
    I did not apply intel microcode patch (it was always disabled).
    I think not put it because already it is slow since the passage in firefox 57.04 and kernel 4.13.0-26.
    Other people have also noticed this slow phenomenon on the internet?
    Is there something to do?
    I am on an asus Rog G750 i7

  104. Hi,LM team.
    After I upgraded kernel 4.13,my machine crashes when booting VMs on VirtualBox.
    Reproducibility is 100%.
    these vms are windows 10 ltsb and debian stretch(both 64bit and uefi).
    Reinstalling linux mint slyvia from iso without kernel 4.13 works fine.
    my machine consists of:
    Asrock deskmini110
    Pentium G4560 (Kabylake)
    Silicon Power SP008GBSFU240B02 (

    BIOS is up to date.
    Installed Virtualbox version is LM’s repository version(so I don’t know what version I’m using) I installed it from apt- get.
    I’m scared of Meltdown vulnerability,but not working vms mean nothing to me.
    Are there any report about virtualbox on kernel 4.13?
    Any suggestions?

    1. This has been reported by several people in the comments. Apparently, the virtualbox version in the Linux Mint repositories is incompatible with kernel 4.13. People suggested to download a newer version from the virtualbox website. Or use a different kernel (4.4. is also patched).

    2. Hi DIGINON.
      OK,I see.
      I don’t want to use the newest linux kernel and virtualbox at the same time because it is tend to unstable(and not well tested).
      It seems that 4.4 LTS is more compatible with around applications.
      so I decided to use 4.4 LTS kernel.
      I will google it how to use patched 4.4 LTS with linux mint 18.3.
      thank you.

  105. Hi Clem and LM Team,

    A couple of linux distribution packed their new release with kernel 4.14 that already fixes the Meltdown attack and partially mitigates the Spectre vulnerability through updated CPU microcode and on the application level, but LM still with 4.13. When will LM update it to 4.14? Or is it 4.14 is better than 4.13 in terms of Meltdown and Spectre mitigation?


  106. I like Mint. The good operating system for beginners. However, it has a very large update path: Debian, Ubuntu, Mint. Windows, RedHat and SUSE were updated a long time ago. It a problem, the real problem for us. Mint has not been updated yet! Maybe it’s worth trying to do something based on OpenSUSE instead of Debian?

    P.S. The SWF (Sucuri Website Firewall) is badly for any Onion user. Even Cloudflare is not as surly as this.
    : ‘(

  107. Please can someone give me some clarification… I have the old 9600 GT and the only drivers that show up are the 340.102 proprietary driver… And of course the nouveau driver… I am on mint 18. Did all the updates chrome/firefox etc, etc… What am i supposed to do now? The 384.111 drivers are nowhere to be found…. What´s the next step?

    1. “Please can someone give me some clarification”
      Where can I find list of CPUs who can have microcode upgrade, or those CPUs not for upgrade!
      That is very simple and will be more clear for all, and less questions here.

    2. Peter E
      > I am guessing that Intel has a web resource also.

      I can not find that report at

      Anyone else have this list about CPU microcode upgrade?

    3. @John Nada, I had a similar situation on some of my OS. Start Synaptic utility (the password is needed to enter). Click the find icon (magnifier) and type nvidia to get the list of lines with nvidia. There should be several occasional lines containing nvidia 340.102 among the others. They are marked as installed. But somewhat bellow each of them, the corresponding line of nvidia 381.111 goes. As I remember, I simply marked for istallation (right click each – Mark for Installation) each 381.11 line corresponding to the upper 340 line. It’s about only three of them there or so. Press Apply. Synaptic should ask a confirmation: those 340.102 – to uninstall, these 381.111 – to install. Press OK. Synaptic tells about successful install. Ok. Close Synaptic. Reboot. If a disaster, restore the clone of the system made with Timeshift before upgrading, as Clem tells (but I use Clonezilla for it.) Good luck!

  108. Cinnamon keeps crashing into fallback mode as soon as OS boots.
    Switching to non-proprietary display driver seems to have stopped the crashing (xserver-xorg-video-nouveau 1:1.0.13-3).
    Are the non-proprietary display drivers currently secure as well?

    LM 18.3 / 4.13.0-26-generic
    dkms status = bbswitch, 0.8, 4.13.0-26-generic, x86_64: installed

  109. I had issues with video when docking and undocking my Lenovo T440s to a docking station using the 4.13 kernel (display issues, freezing) and I went back to 4.10

  110. This is on Control Panel Device Drivers or something like that. Sorry I’m re-tanslating from my own Language. Look for Drivers it’s on top of Control Panel. You just have to select it if it is not already.

  111. Hi Linux Mint Team, I have trouble after update kernel 4.13. no prime choice at nvidia-settings.
    $ nvidia-settings:
    ** Message: PRIME: No offloading required. Abort
    ** Message: PRIME: is it supported? no

    ERROR: nvidia-settings could not find the registry key file. This file should
    have been installed along with this driver at
    /usr/share/nvidia/nvidia-application-profiles-key-documentation. The
    application profiles will continue to work, but values cannot be
    prepopulated or validated, and will not be listed in the help text.
    Please see the README for possible values and descriptions.
    $ dmks status
    bbswitch, 0.8, 4.13.0-26-generic, x86_64: installed
    ndiswrapper, 1.60, 4.10.0-38-generic, x86_64: installed
    nvidia-340, 340.102: added

    $ lspci | egrep ‘VGA|3D’
    00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 09)
    04:00.0 3D controller: NVIDIA Corporation GF117M [GeForce 610M/710M/810M/820M / GT 620M/625M/630M/720M] (rev a1)

    $ sudo dpkg-reconfigure nvidia-340
    Stopping nvidia-persistenced
    nvidia-persistenced: no process found
    Removing all DKMS Modules
    INFO:Enable nvidia-340
    DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/put_your_quirks_here
    DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/lenovo_thinkpad
    DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/dell_latitude
    Loading new nvidia-340-340.102 DKMS files…
    Building only for 4.13.0-26-generic
    Building for architecture x86_64
    Building initial module for 4.13.0-26-generic
    ERROR (dkms apport): kernel package linux-headers-4.13.0-26-generic is not supported
    Error! Bad return status for module build on kernel: 4.13.0-26-generic (x86_64)
    Consult /var/lib/dkms/nvidia-340/340.102/build/make.log for more information.

  112. Dear Linux mint team…. 384.111 does not work for the 9600GT… Are the millions of 9600GT owners expected to toss their cards in the bin? The card is still hugely popular as shown by Steam stats…. What are we supposed to do now? Sure i am planning an upgrade in a couple months, but to leave the 9600GT in the cold totally sucks and should not even happen.

    1. After the nightmares with the nvidia 304 driver (cinnamon crashes 100% of the time) I added exclusions in Update Manager for these drivers. I am running with nouveau now. Everything is fine. Kernel 4.4.0-lts1, nVidia [GeForce GT 740M]

  113. I’ve installed the microcode patches on two dual boot laptops (Windows and Mint). Everything works. I assume the patches installed from Driver Manager are processor specific and will work for any operating system. Can someone confirm this.

    1. Check your processor exact model as the Intel Microcode package only addresses some processors. My I5, for example, is nort patched by this release.

  114. Dear Linux mint team…. 384.111 does not work for the Nvidia 8800 GTX card. It reverts to fallback mode. I’m running Mint Cinnamon 18.3 on Intel Core Q6800 Extreme. I was able to successfully update to kernel 4.4.0-109 after 4.13.0-26.29 crashed Linux repeatedly. I was able to update Intel micro-code to 3.20180108 successfully. Hope this helps someone with ancient hardware.

  115. Well. I am running Mint 18.1(xfce if it matters) live booting off of an install DVD, I ran sudo apt-get dist-upgrade and the checked the Kernal and it had not changed version number. I am betting that you have to reboot to update the Kernal. Is there a way around this (there were a number of errors then I did the update and there were all related to the CDROM).

    1. You cannot change the kernel while the system is running. You have to reboot. Since you are running a live system, of course your system will revert to its original state. You would need to change the installation image on the DVD to make this permanent. I don’t think that Linux Mint already has an installation image that includes a patched kernel so just downloading and creating a new install DVD wouldn’t help.

  116. Running nvidia-detect tool from the terminal should help with knowing which driver series (304/340/384 or later) actually supports your card.

    1. Oops. Looks like it’s only in Debian repos, so it’s for LMDE. In Ubuntu-based Mint editions you’ll have to rely on the included driver manager.

  117. I posted this previously. After reading a number of other boards I want to get some “expert” advice that is Mint specific. I am running Mint 18.1(xfce if it matters) live booting off of an install DVD and I reboot no more than every 2 days. After reboot I update the packages databases and install the newest available Firefox. I also install run the script (I am assuming that it just calls a script) in multimedia (“Install Multi Media Codecs”). All of my internet activity occurs through Firefox (and of course whatever addons are installed) and the media codecs running in Firefox. I do use LibreOffice but for opening old word and excel documents (mostly Office 97-2003 compatible docs) and I open PDF files with the default viewer. I am running an older AMD processor (64 bit dual core 2.8gh or so). So the question is, as far as everyone understands the current threat, what is my exposure?

    PS I was getting ready to upgrade a number of my computers to later Xeon machines….. glad I didn’t do that.

    1. Thinking your exposure at this time is minimal. There have been no reported malware attacks on any of these processor vulnerabilities. I’m not minimizing the threat but seeing major enterprises not reacting to the call as patches can be more problematic then the potential threat. If there were a serious high-risk security issue, they would be locking these down STAT. They are being cautious instead.

  118. For the NVIDIA drivers I’m using xserver-xorg version 1:1.0.12-1build2, is this version patched?
    For the intel microcode is my device manager says Unknown This device is not working, should I change the option to intel-microcode, this computer is old

  119. today the microcode was “updated” (downgraded) to the previous version: intel-microcode (3.20180108.0~ubuntu16.04.2) to 3.20180108.0+really20170707ubuntu16.04.1
    and a new kernel-image just came along: linux-image-4.13.0-31-generic (4.13.0-31.34~16.04.1)

    would be nice to keep the blog-post updated even if it’s somehow confusing to follow the news…
    in other words: in the blogpost it says “Please use the Update Manager to upgrade intel-microcode to version 3.20180108.0.” which should be corrected, shouldn’t it?

    1. I agree, it’s getting hard to tell what’s what with the daily updates and confusion (with all OSs and CPUs) in this Spectre/Meltdown chaos on ANY site. A nice, clean ‘here’s what’s going on today’ would be beneficial.

    2. I see the same confusing things as Staubgold does.
      And I also can see a new 4.4.0-112 Kernel recommended for security. What to do ? Keep with kernel 4.4.0-109 or what ?

      Groeten van Dejan

  120. Curious about the micro-code update terms with the + . The 4.13. 31 kernal fixed a small glitch in Solaar on the task bar. Rebooted into 4.13.31 ok. Running on a Dell core 2 7400. Also have Cinnamon and a Mint on two other machines (Dell refurbish core 3 i 7 model 3770 and a old HP Pentium 2.8 (2006) plus LM XFCE all at 64 bit, not updated yet. So far no problems with any kernall updates. (4.40.109 as backup). Thanks for great OS’s.

    1. All OS’s updated: 64bit to 4.13.31 and 32 bit to 4.4.0-112 (also as backup on 64bit). On a non-Mint Ubuntu based OS, received both 4.13.31 and in one security update/download. Still no glitches observed (only retired old fart here).

  121. Spectre and Meltdown mitigation detection tool v0.32

    Checking for vulnerabilities against running kernel Linux 4.13.0-26-generic #29~16.04.2-Ubuntu SMP Tue Jan 9 22:00:44 UTC 2018 x86_64
    CPU is AMD E2-3200 APU with Radeon(tm) HD Graphics

    CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’
    * Checking count of LFENCE opcodes in kernel: NO
    > STATUS: VULNERABLE (only 29 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

    CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’
    * Mitigation 1
    * Hardware (CPU microcode) support for mitigation
    * The SPEC_CTRL MSR is available: NO
    * The SPEC_CTRL CPUID feature bit is set: NO
    * Kernel support for IBRS: NO
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * Mitigation 2
    * Kernel compiled with retpoline option: NO
    * Kernel compiled with a retpoline-aware compiler: NO
    > STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

    CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’
    * Kernel supports Page Table Isolation (PTI): YES
    * PTI enabled and active: NO
    * Checking if we’re running under Xen PV (64 bits): NO
    > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

    A false sense of security is worse than no security at all, see –disclaimer
    mustapa04@mustapa04 ~/tools/spectre-meltdown-checker $

    When I update the tool to the latest version, now it shows spectre variant 2 also vulnerable on my Linux Mint .

  122. Does anyone know if there is a beta or alpha of the 18.4 xfce release ready to go with a kernel version higher than or equal to 4.0.25?

    Is there an alpha test list?

  123. I wish to report, than on my desktop pc I have dual boot LM 18.3 Mate and LM 18.3 Cinnamon. All installed software are the same. On both linux I installed 4.13.0-31-generic #34. I check with these instructions ( ) for Meltdown and Spectre. On Mate all 3 are with status NOT VULNERABLE, but on Cinnamon second (CVE-2017-5715) is with status VULNERABLE? Very strange, because everything is the same (Intel microcode, system updates, kernel…).

    1. I see exactly the same thing. Here is the specific message:

      STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

  124. I think I should report that the microcode update that was reverted (as reported by staubgold above) did make my system lock up every few hours due to kernel page faults. I have a laptop with a Kaby Lake 7820HK – a very new machine.
    I disabled intel microcodes in the driver manager and all is well again. After this experience I think I will wait out more than one intel ‘update’, especially since L. Torvald has called the recent intel update “complete garbage”. I tend to trust his judgement.

  125. Novice, so to speak; please excuse my lack on complete knowledge.
    Currently running Mint 18.1 Serena–64 bit. Current Kernel is 4.4.0-71 generic x86_64. Processor is AMD Turion x2 Dual Core RM_74x2.

    The last Kernel listed through update manager is 4.4.0 – 112 “Recommended for Security”

    1. Should I change to 4.4.0-112? Is this patched for Meltdown and Spectre?
    2. Should I use another Kernel?
    ————–Which One?
    ————–How do I get it?


    1. dd—-I am using Firefox 57.0.4—-I understand that this is the latest version and is secure from Meltdown.

  126. Hi!
    I am a full novice. I use an old laptop with mint 18 sarah 32 bit installed. My kernel is 4.4.0-21 generic i686 and the update manager show me as new kernel 4.4.0-112.135 Do i have to install this or there is another kernel to patch the meltdown and spectre? Why kernel update are level 5 when user guide says to avoid updates level 4 and 5? Do i have to install new linux firmware and xorg server too? Sorry for the stupidity of my questins but i am a total noob and i will not do an update without a clear answer from mint team because i do not know how to downgrade the kernel.

  127. One site read that preventing malicious software is possible by installing the latest versions of programs. Today in the update manager Firefox 58.0 appeared. Is it appropriate to update when the recommended version 57.0.4 or 58.0 will be more safe?

  128. Are these patches the final stable releases? I have updated FF and my browsers, but don’t plan on updating kernels and CPU microcode until I know it’s stable and not going to cause other issues. (been reading this lately)

  129. The 4.4.0-112.135 kernel should be patched. Linux firmware and xorg server updates are not related to the meltdown and spectre vulnerabilities as far as I know.
    If your computer does not work correctly after the kernel update, you can select to boot with the previous kernel and remove the 4.4.0-112.135 kernel. To boot using a previous kernel, select Advanced boot options from the boot menu. If you don’t see a boot menu at all hit the shift button while you boot up your computer. Then it should be displayed.

  130. Besides linux kernel 4.4.0-112.135 that is 63 MB there is another update called linux, a security update, 805KB, and the description says linux kernel headers for development, and it’s still 4.4.0-112.135. Do i have to install this too or not?

  131. I was running the 4.10 kernel before the whole Meltdown/Spectre thing. My laptop (Dell Latitude) doesn’t boot with the 4.13 kernel which replaced 4.10. I assumed that it was because NDISWRAPPER was incompatible with kernel 4.13. However, there is now an update for NDISWRAPPER offered through the Update Manager which supposedly fixes the issues with kernel 4.13. I installed the update and tried kernel 4.13 again. Unfortunately, my system still cannot boot kernel 4.13. The system just stops right when the login screen should show up. Any ideas?

  132. After reading this i realized that I have not been updating at all. I ran all the updates that were available but I screwed up by adding the 4 and 5 score updates. I assumed these numbers meant priority, not that they were un-trusted. Save the lecture, i know how stupid this was. How can i recover from this blunder? Do i need to just reformat and rebuild or is there a way to fix this otherwise?

    1. If you installed a kernel by accident that you don’t want to use, you can boot to a previous kernel (Advanced boot options in the boot menu) and then use the Update Manager -> View -> Linux kernels to remove the kernel again.

  133. My personal advise, as I mention before is to stop panicking on this non-sense frenzy. Leave your machine alone, regular updates aside, then wait a few weeks. Intel (executive VP Neil Shenoy) has release an update for OEM and big customers (January) to stop deploying its first patches. They are causing more problems then they fix, mostly computers rebooting by themselves. Microsoft has serious issues with its AMD patches too. I don’t know what the Linux status is but those patches are also brought into the kernel and fw I presume. A lot of software incompatibilities have now appeared.
    I wish Clem could issue a statement to calm down its users since all this is wreaking havok their computers for a very old security issue without any attacks ever found.

    1. Hi marlenejo, I can not agree. Until a couple of months ago, few people knew these bugs. Everyone knows it now. And someone will certainly try to exploit them. So it’s better not to be too calm.

    2. I agree with Gian Piero, but I’m gonna write using my own words.

      You seem to be oddly relaxed about something that amounts to be one of the worst computer security nightmares mankind has faced so far.

      So, I invite you to have a read on what Linus Torvalds has to say on this matter.

      Related news:

      Feel free to put the pieces together and come to your own conclusions.

      Besides, you’re claiming that no attacks were found, on a topic which is based around proof-of-concept attacks, executed successfully by security researchers that initially found these exploits and reported them to the involved parties, last year. What gives?

      And the only real “fix” for this ain’t no patches.It’s the replacement of the CPU for one that has a better architecture, which can not be attacked in ways like meltdown/spectre.

    3. Noted Piero. The chance of getting a virus in Linux is very low and the chance of getting a specific virus which exploit that vulnerability (non found yet) is abyssal. However the chance of breaking your machines with all those rush patches (like the rapid firing of 4.13 versions) is excellent.

    1. Die Kurzfassung auf Deutsch ist: Es sollten alle Sicherheitsupdates installiert werden, die im Update Manager angeboten werden. Auch der Kernel sollte aktualisiert werden. Falls Chrome oder Opera als Browser benutzt werden, sollte in den erweiterten Einstellungen eine Einstellung namens “Strict site isolation” aktiviert werden. Dazu opera://flags (für Opera) oder chrome://flags (für Chrome, Chromium usw.) in die Adresszeile eingeben und dann am besten nach der Einstellung suchen.

    1. I’m writing these running on 4.14.15 at the moment. I’ve been running my 32bit 12 y.o. HP laptop with the latest kernels without any problems (except for 4.13) .. Thanks to Ukuu .

      Of course you can do that way, the classic way.. But thanks to Ukuu you can very easily see, follow all the kernels and install/remove with a couple of clicks..

      Also, if you face any problems with any kernel, you have the option to start the pc with the older one (advanced options during Grub menu) and then remove the problematic one when it is not in use…

      You can install Ukuu either by using Synaptic, or using the Terminal simply (copying & pasting then entering the 2 lines below, one by one):

      sudo add-apt-repository ppa:teejee2008/ppa
      sudo apt-get update && sudo apt-get install ukuu

      When installed, it’s better to open Settings and check “don’t show the RC – Release Candidate- kernels”..

      ( Writing these assuming you don’t know, I hope you like and it works 🙂 )

  134. Intel says not to download update for Intel Microcode. Will they provide an update or will mint 19 have the fix?

  135. i am running Mint 18.3 Sylvia (KDE) on an HP laptop with Intel(R) Core(TM)2 Duo . i installed the 3.20180108.0~ubuntu16.04.2 microcode update, but it is reported in update mgr and apt-show-versions as
    intel-microcode:amd64/xenial-security 3.20180108.0~ubuntu16.04.2 . i have not yet installed the
    3.20180108.0+really20170707ubuntu16.04.1 update. sseveral other packages report similar results, eg
    gcc-5:amd64/xenial-updates 5.4.0-6ubuntu1~16.04.6

    is it normal to indicate amd64 on an intel machine?

  136. Hi All,
    I’m using Mint 17.3 MATE with KERNEL 4.4.0
    TODAY, 6 February 2018, The Update Kernel manager, show as LATEST version the 4.4.0-98 !!!
    and not the 4.4.0-108.
    Who can tell me why and how ca I update to kernel that fix spectre/meltdown??

    1. Bob, I don’t know why it doesn’t appear, but on my update manager (and also according to the Synaptic Package Manager), the latest one of 4.4.0-… series is 4.4.0-112 for the time being.

      (Assuming you don’t know) :

      Open the Menu and type Synaptic and start that program (it will ask your password, type and enter..)..

      (Like the one in this picture: ) Just in the middle above you’ll see a quick filter box: You can simply type something like: Kernel 4.4.0- or Kernel 4.4.0-112 and then choose the below ones among the several results, or directly copy from here and paste in the filter box one by one to get them directly and exactly; what you need is these 4 files :


      (When you find them, right-click on each and “Mark for Installation” .. After marking all 4, click the button above “Apply” ..

      (It must update the Grub after installation, but nothing to loose; open a Terminal and type (or copy-paste from here and then hit Enter : sudo update-grub ) .. That’s it..

      P.S. You can also install the very latest kernel so easily using a software called Ukuu, and see if there’s any problems with the sound, wireless, printers, screen etc, ( Nothing to afraid.. Because kernels are not installed on each other, but installed separately and your working kernel 4.4.0-98 will be staying there unless you uninstall it yourself.. and you’ll have the option to start the pc with the old and trusted kernel, in case of a problem)

      (Just have a read my comment above: )

      I hope it works 🙂

  137. @Cyberbob, you maybe try this, and install kernel newer than 4.4.0-109:
    sudo add-apt-repository ppa:canonical-kernel-team/ppa
    sudo apt-get update

  138. I’m running 17.2 Cinnamon LTS and currently running kernel 3.16.0.-38-generic. FF, Chrome and Nvidia are all updated and configured.

    Do I downgrade the kernel to 3.13.0-139 to complete the fix?

Leave a Reply

Your email address will not be published. Required fields are marked *