Ubuntu Xenial 16.04 users who updated to receive the Meltdown and Spectre patches are reporting they are unable to boot their systems and have been forced to roll back to an earlier Linux kernel image.
The issues were reported by a large number of users on the Ubuntu forums, Ubuntu's Launchpad bug tracker, and a Reddit thread. Only Ubuntu users running the Xenial 16.04 series appear to be affected.
All users who reported issues said they were unable to boot after upgrading to Ubuntu 16.04 with kernel image 4.4.0-108.
"Just did an update this morning to 4.4.0-108-generic and the boot failed to process," said Punit Patpatia, an Ubuntu user, earlier today.
"Yep - same here - did update and lockup at boot screen," added a different user on the Ubuntu forums.
Canonical, the company behind Ubuntu OS, deployed Linux kernel image 4.4.0-108 as part of a security update for Ubuntu Xenial 16.04 users, yesterday, on January 9.
According to Ubuntu Security Notice USN-3522-1 and an Ubuntu Wiki page, this was the update that delivered the Meltdown and Spectre patches.
A Canonical spokesperson was not available for comment on the issue, but two new Ubuntu 16.04 updates [1, 2] with Linux kernel image 4.4.0-109 were released two hours before this article's publication.
Some of the users who reported issues with the previous update said the new kernel build worked fine. As a last resort, rolling back to kernel image 4.4.0-104 also fixes the boot issues for affected users.
Article title updated because we used the term "bricking" incorrectly. Bleeping Computer regrets the error.
Comments
Sijmen - 6 years ago
Technically, if you are able to boot with an older kernel, your computer is not bricked. ;-)
campuscodi - 6 years ago
You are right. I've updated the title.
Occasional - 6 years ago
Could put this comment after any of the related articles, but here will do:
In an earlier article you quoted a source that referred to the Meltdown/Spectre Speculative Execution vulnerability (is there already an abbreviation for this, like MSSEV, Messy-v...?), and the chaotic efforts to close the vulnerability, as "a mess". Indeed.
We're now a week into the public disclosure (and half a year since the confidential); and the situation seems even messier. The immediate priority remains to close the vulnerability as quickly and with as little disruption as possible; but we should also be asking questions and making assessments as to just how things got this messy.
Taken from BC article https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/ :
"...Google has just [1/3/2018] published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995..."
"...concern two attack scenarios that Horn discovered and reported to CPU vendors in June 2017...based on previous academic research published by researchers from the Graz University of Technology, Cyberus Technology, and others...." --- [Point being these scenarios were thought of, rather than seen in the wild; and passed to vendors in order to close the vulnerability.]
"Horn describes these issues as hardware bugs that will need both firmware patches from CPU vendors and software fixes from both OS and application vendors...." --- [Will require the full attention and commitment of virtually the entire, global, computer industry].
"...decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation." --- [A risk only made manifest by public reports and speculation of imagined scenarios.]
We can't know if anyone saw the same vulnerabilities, imagined the same scenarios, and then went on to exploit them in the last two decades; we only know of no evidence that anyone had. If no one did, then all the mess of the past week has been due to the exploitation of a vulnerability in the system the IT industry has --> to close not-as-yet exploited vulnerabilities!
Who's taking responsibility for that?
NickAu - 6 years ago
My PC just updated to kernel image 4.4.0-109 and everything seems to be working fine.
The_Dismantler - 6 years ago
I wonder if those having issues are using AMD processors, perhaps similar to the issue the Microsoft patches were having? Intel was fine, AMD not?
hopper15 - 6 years ago
Running Windows 8.1 with AMD on both my notebook and desktop. I'd rather wait than risk installing some of these buggy patches from Microsoft. While I will need the security patches at some point, my understanding is the folks who run servers with sensitive data — banks, brokerage houses, military contractors, cryptocurrency exchanges — need to be concerned about Meltdown and Spectre in the near term.
jheusala - 6 years ago
This update does not include a Spectre fix. Only Meltdown (CVE-2017-5754).
There are no fixes for the kernel and Spectre in Ubuntu yet. Those are CVE-2017-5753 and CVE-2017-5715.
Lohitt - 6 years ago
Yes, all Ubuntu patches are for Meltdown only.
mister_bludgeon - 6 years ago
What I would like to see is a recommendation from the Ubuntu folks as to what users should actually DO about this when they want to either update an existing system or do a fresh installation (like on the laptop I just ordered, which will arrive with that Windows garbage on it).
Starting with the Xubuntu 16.04 desktop I'm sitting at now: do I dare apt update && apt upgrade?
NickAu - 6 years ago
Ubuntu has released updates kernel 4.4.0-112-generic
Read more here https://www.bleepingcomputer.com/forums/t/667654/latest-ubuntu-meltdownspectre-updates-break-my-pc/?p=4429944