A fix for Spectre & Meltdown: update your Linux kernel in place (running CentOS/RHEL 7 or above), and live happily ever after

If you launch an instance from the official CentOS or RHEL 7.x AMI on AWS, you will be running kernel 3.1 as of this writing. That’s not a good idea. You can easily take advantage of improved security features of newer kernels that are already available in a stable release. The renowned Linux kernel maintainer Greg Kroah-Hartman released the Linux Kernel 4.14.15, which includes important fixes for Spectre & Meltdown. Here is how to update your Linux kernel from 3.1 to 4.16.11 in place.

Step 1. Import the repo key

First, import the GPG key for the repository:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

Step 2. Install the repository

Install the repository that holds your new kernel:

yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Before you enable the new repo, you can peek inside its configuration file to see what it will be doing:

nano /etc/yum.repos.d/elrepo.repo

Step 3. Enable the repository

Enable the repository with this command:

yum --enablerepo=elrepo-kernel install kernel-ml

Step 4. Install the RPM of your new kernel

To install your new kernel for CentOS/RHEL 7.03, run this command:

yum install http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Step 5. List all available kernels

List all kernels that are available to the grub bootloader on your system:

awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

Step 6. Select the new kernel

From the list of available kernels, select the new kernel:

grub2-set-default 0

The number 0 denotes the first kernel in the list.

Step 7. Save the new configuration and reboot

Save your new configuration:

grub2-mkconfig -o /boot/grub2/grub.cfg

Reboot.