How to update CentOS 7 with fixes for Spectre and the Meltdown cyber security threats

DCIM_Support · ‎2020-07-04

You can patch CentOS v7 for Spectre and the Meltdown cyber security threats yourself if you have administrator access to the system.
First, check ssh to your system and try this command:

$ uname -r 3.10.0-693.5.2.el7.x86_64

This is the system's kernel version. Take note of it.

Now, let's update CentOS to latest packages:

$ sudo yum update

Depending on your version of CentOS you may get different size of download. Mine was 294Mb. After accepting the download you may have to wait for packages to install.
When package update is complete, you should reboot your system:

$ sudo reboot

After reboot you can check kernel version again

$ uname -r 3.10.0-693.11.6.el7.x86_64

Version should be 3.10.0-693.11... or later.

You could also check kernel changelog, to see if it has entries about CVE-2017-5753

$ rpm -q --changelog kernel | egrep 'CVE-2017-5753' - [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [fs] udf: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [fs] prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [kernel] userns: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [scsi] qla2xxx: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [netdrv] p54: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [netdrv] carl9170: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [media] uvcvideo: prevent speculative execution (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [x86] cpu/AMD: Make the LFENCE instruction serialized (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753} - [misc] locking/barriers: introduce new memory barrier gmb() (Josh Poimboeuf) [1519788 1519786] {CVE-2017-5753}

If your system was not patched, there are nothing in changelog about 'CVE-2017-5753'

This worked for me.

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.