We envision a future where owning and administering your own personal server is simple and commonplace. This vision naturally arises as more and more people begin to use and advocate distributed and decentralized technologies like Bitcoin and our very own DNSChain. Instead of learning to drive, they’ll learn to administrate a server. 🙂

So, in a similar vein to our previous tutorial on How to update OpenSSL on Debian testing (Jessie) for #Heartbleed, today we’ll show you how to downgrade a Linux kernel so that you can get the patch for the recent deadly-dangerous privilege-escalation vulnerability CVE-2014-3153 if you’re running on a non-stable distribution (or are running one of the latest kernels).

Before we begin, a few important notes

  • Sysadmins should subscribe to the debian-security-announce mailing list to keep up-to-date on the latest security advisories.
  • At the time of this posting you actually have two options: downgrade to kernel version 3.2.57-3+deb7u2 in Debian stable, or upgrade to 3.14.5-1 found in Debian unstable (sid). Either choice is fine, and there may even be reasons to prefer upgrading (systemd works better), but traditionally when such patches are released, they are released for Debian stable first, and so quick-thinking sysadmins will want to know how to grab the updates from stable if they made the mistake of not running Debian stable or if they updated some piece of software from one of the non-stable repos.

The Procedure

Step 1: Change your apt sources to stable (security)

Edit /etc/apt/sources.list, comment out your previous sources and add these:

Then run aptitude update as root.

Step 2: Find the correct kernel version and install it

Don’t forget to install the linux kernel headers as well:

Step 3: Update grub to boot the new kernel

These instructions are for grub version 2:

  1. Look inside /boot/grub/grub.cfg and find the title of the menuentry for the new kernel. In our case it was Debian GNU/Linux, with Linux 3.2.0-4-amd64
  2. Edit /etc/default/grub and set GRUB_DEFAULT="Debian GNU/Linux, with Linux 3.2.0-4-amd64" (or whatever the title was).
  3. Save the file and run grub-update. Grub will probably complain and tell you to set the title to something else (a very long, more specific string that seems based on either a hash or a UUID). Copy that string and set GRUB_DEFAULT to it, then run grub-update again.
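
For Step 3, an added example (not code from the original post): a shell function that reads grub.cfg and prints the full GRUB_DEFAULT value for one kernel, joining the enclosing submenu to the entry with `>`, which is the longer string grub asks for. The function names, the sample grub.cfg and the UUID0 placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints the GRUB_DEFAULT value for one kernel's menuentry.
# Usage: grub_default_for <grub.cfg> <kernel, e.g. 3.2.0-4-amd64>
grub_default_for() {
    awk -v want="with Linux $2" -v sq="'" '
    # Prefer the quoted id after $menuentry_id_option, else the quoted title.
    function ident(line,    p, q) {
        p = index(line, "menuentry_id_option")
        if (p > 0) line = substr(line, p)
        split(line, q, sq)
        return q[2]
    }
    /^[ \t]*(menuentry|submenu)[ \t]/ {
        depth++
        name[depth] = ($1 == "submenu") ? ident($0) : ""
        if ($1 == "submenu") next
        split($0, t, sq)
        # Title must end with the version, which skips "(recovery mode)".
        if (substr(t[2], length(t[2]) - length(want) + 1) != want) next
        for (i = 1; i < depth; i++) if (name[i] != "") path = path name[i] ">"
        print path ident($0)
        found = 1
        exit
    }
    /^[ \t]*[}][ \t]*$/ { if (depth > 0) depth-- }
    END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample shaped like grub-mkconfig output; UUID0 is a placeholder.
sample_grub_cfg() {
    cat <<'EOF'
menuentry 'Debian GNU/Linux' --class debian $menuentry_id_option 'gnulinux-simple-UUID0' {
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-UUID0' {
    menuentry 'Debian GNU/Linux, with Linux 3.14-1-amd64' $menuentry_id_option 'gnulinux-3.14-1-amd64-advanced-UUID0' {
    }
    menuentry 'Debian GNU/Linux, with Linux 3.2.0-4-amd64' $menuentry_id_option 'gnulinux-3.2.0-4-amd64-advanced-UUID0' {
    }
    menuentry 'Debian GNU/Linux, with Linux 3.2.0-4-amd64 (recovery mode)' $menuentry_id_option 'gnulinux-3.2.0-4-amd64-recovery-UUID0' {
    }
}
EOF
}

cfg=$(mktemp) && sample_grub_cfg > "$cfg"
echo "GRUB_DEFAULT=\"$(grub_default_for "$cfg" 3.2.0-4-amd64)\""
rm -f "$cfg"
```

On a real system, pass /boot/grub/grub.cfg as the first argument; the function exits non-zero when no entry for that kernel exists, which is worth checking before you reboot.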

Now you can reboot (or systemctl reboot). After reboot, reset your /etc/apt/sources.list if necessary and run aptitude update again.

To upgrade (instead of downgrading) the kernel, follow the instructions in our previous sysadmin post (modifying as appropriate).


4 thoughts on “How to downgrade a linux kernel on Debian”

  1. Roland

    Thanks for these instructions.

    I had a problem with my laptop which could suspend on lid closure but couldn’t wake when opening the lid.

    Downgrading the linux kernel to a previous version solved the problem.

    Thanks.

  2. Ryckes

    Same as Roland: After last kernel update, the laptop would not wake up after suspend (either closing the lid or using the menu). After downgrading the kernel as the post says it works again. It also works if I use kernel version 3.16, from Wheezy backports, but then the wireless would not work (Lenovo B590).

    Thank you!

    PS: For me, the command for grub was update-grub, instead of grub-update.

    1. Ryckes

      (I cannot edit)
      Actually, I just realized it was not a downgrade, but an upgrade, to 3.2.65-1+deb7u1. Looks like there was a regression to a suspend/resume bug, and it’s been now fixed.

  3. cguevara

    Great post. My debian jessie went kernel panic on my XPS with latest kernel stable upgrade, then used this guide to down it to 3.16.7-ckt11-1+deb8u3. Thanks a lot.
