Ubuntu wil soon release patches for its OS in order to protect users from the "Meltdown" and "Spectre" vulnerabilities.
At its heart, this vulnerability is a CPU hardware architecture design issue. But there are billions of affected hardware devices, and replacing CPUs is simply unreasonable. As a result, operating system kernels - Windows, MacOS, Linux, and many others - are being patched to mitigate the critical security vulnerability.
Canonical engineers have been working on this since November 2017 and have already tested and integrated a complex patch set into a broad set of Ubuntu kernels and CPU architectures.
Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible. Updates will be available for:
- Ubuntu 17.10 (Artful) - Linux 4.13 HWE
- Ubuntu 16.04 LTS (Xenial) - Linux 4.4 (and 4.4 HWE)
- Ubuntu 14.04 LTS (Trusty) - Linux 3.13
- Ubuntu 12.04 ESM (Precise) - Linux 3.2
- Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15 kernel, which includes the KPTI patchset as integrated upstream.
Ubuntu optimized kernels for the Amazon, Google, and Microsoft public clouds are also covered by these updates.
These kernel fixes will not be Livepatch-able. The source code changes required to address this problem is comprised of hundreds of independent patches, touching hundreds of files and thousands of lines of code. The sheer complexity of this patchset is not compatible with the Linux kernel Livepatch mechanism. An update and a reboot will be required to active this update.
Furthermore, you can expect Ubuntu security updates for a number of other related packages, including CPU microcode, GCC and QEMU in the coming days.