Upgrade Linux Kernel in Ubuntu Mate (ARM)

de.schurk · 9 November 2016 13:29

Hi all,
I’ve been searching for a tutorial how to upgrade my Linux Kernel on my Raspberry Pi 3. I followed some tutorials but they are all written for x64/x86 architecture with x64/x86 links to deb files. I’m pretty new to linux so excuse me for asking stupid questions.

I did a ‘uname -r’ in a console which returned Linux Kernel Version: 4.1.19.
It did actually surprised me because I know some vulnerabilities which have been fixed in Linux Kernel 4.7 and 4.9 rc2 so I really need to update to at least Kernel 4.7 for ARM(v8) devices.

For example the Dirty Cow exploit is fixed in 4.9 rc2
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

I really want to keep my Ubuntu Mate as safe as possible, is there someone who can tell me how to upgrade to at least Kernel 4.7 for ARM devices. Or more information about keeping my Ubuntu Mate safe for vulnerabilities. I’m getting the feeling that my Raspberry Pi Ubuntu Mate is very vulnerable.

Thanks in advance guys!

aworan · 9 November 2016 21:39

Hi,
Kernel updates for Ubuntu mate for raspberry pi are not standard.
The kernel use is from the raspberry pi foundation not upstream one for now (until we get rpi full support on upstream kernel I guess)
Ubuntu mate for raspberry pi is amrv7 not armv8 it is only 32 bits until upstream kernel will be ready.
Raspberry pi fondation correct dirty cow but in last release so if you want to update kernel type in a terminal :
sudo BRANCH=next rpi-update
Then reboot.

Aworan

de.schurk · 10 November 2016 20:04

Thanks @aworan for the information, the sudo BRANCH=next rpi-update worked. Now the kernel shows me 4.4.30-v7+. And according to a post from DougieLawson it should contain the Dirty Cow fix.

by DougieLawson » Tue Nov 08, 2016 7:29 pm
sudo apt-get update && sudo apt-get -y dist-upgrade will get you the latest RPF stable and recommended 4.4.27+ kernel which includes the Dirty COW fix, plus updates for lots of other Raspbian packages.

sudo rpi-update will get you the 4.4.30+ kernel which seems to be reasonably stable, but is "experimental".
sudo BRANCH=next rpi-update also gets a 4.4.30+ kernel and the bootcode that allows you to USB/PXE boot on RPI3 with no SDCard, that's also reasonably stable, but more "experimental" than the rpi-update stuff. 

Pick your poison but with a strong recommendation to stick with the safest option.

I’m still trying to understand the whole kernel thing so correct me if I’m wrong but is it safe to say that the uname -r command on my raspberry pi shows me a different kernel version than the original Linux Kernel? Because this link tells me the Dirty Cow is fixed on the Linux Kernel 4.9.

Is there some way to keep updated about the kernel updates for the Raspberry’s?

(Again, sorry if I’m asking stupid questions… I’m all new to this thanks for taking time to a newbie )

aworan · 11 November 2016 10:16

Raspberry pi fondation maintain a special kernel for raspberry pi. They patch it with a lot of stuff and security patch. Dirty cow is fixed even in 4.4.x version because they back port security patches.
Upstream kernel don’t support completely raspberry pi. Some developers are adding stuff to mainline kernel to have native support. Until then we must use raspberry pi fondation kernel.
Dirty cow is a joke, because there is a lot of security leaks in kernel, but because a lot of media speaks about it a lot of people are scare but there is hundred fix for security fix each year.

de.schurk · 11 November 2016 12:36

Thanks again for explaining! In the future I will use the sudo BRANCH=next rpi-update to keep my RaspB. up to date