
I am using "Ubuntu 20.04.4 LTS", and in response to an OS kernel vulnerability reported by Canonical in the security notice below, I intend to upgrade the Linux kernel.

[USN-5317-1: Linux kernel vulnerabilities](https://ubuntu.com/security/notices/USN-5317-1)

I was under the impression that upgrading the kernel to the latest version should do the trick, and that it should be as easy as "apt dist-upgrade".

My existing kernel version, as shown by uname -r, is:

# uname -r
5.4.0-92-generic

So, in order to upgrade all packages including the kernel, I ran:

apt dist-upgrade  
reboot 
# after reboot 
uname -r
5.4.0-104-generic

However, since this isn't showing me the desired kernel version, I performed the following specific package installs manually:

apt -y install linux-image-5.13.0-35-generic
apt -y install linux-image-5.13.0-35-generic
apt -y install linux-image-5.13.0-1017-aws 
apt -y install linux-image-virtual-hwe-20.04
apt -y install linux-image-aws
apt -y install linux-image-lowlatency-hwe-20.04
apt -y install linux-image-5.14.0-1027-oem
apt -y install linux-image-5.13.0-1017-azure
apt -y install linux-image-oem-20.04c
apt -y install linux-image-oem-20.04b
apt -y install linux-image-oem-20.04d
apt -y install linux-image-generic-hwe-20.04
apt -y install linux-image-azure
apt -y install linux-image-oem-20.04
apt -y install linux-image-5.13.0-1019-gcp
apt -y install linux-image-5.13.0-35-lowlatency
apt -y install linux-image-gcp
apt -y install linux-image-5.13.0-1021-oracle
apt -y install linux-image-oracle
reboot

And then I see that the kernel is upgraded to 5.13.0 as follows:

uname -sr
Linux 5.13.0-35-generic

So the questions are as follows:

  1. This is a daft question, but how do I list all kernel packages?
  2. Why doesn't apt dist-upgrade upgrade the kernel to 5.13.0 if that is a later version? Why is it necessary to install specific packages like I did?

Thanks for your help

Yogesh

  • It's NOT necessary to install packages like you did, and in fact it isn't recommended. If you need newer kernels you should install the Hardware Enablement stack (HWE); otherwise the original long term support kernel branch is kept: https://ubuntu.com/kernel/lifecycle – ChanganAuto Mar 14 '22 at 12:03
  • ChanganAuto Thanks a lot. So does installing the Hardware Enablement stack itself upgrade the kernel, and thereafter will an apt dist-upgrade get me the later kernel as more advances happen? – Yogesh Devi Mar 14 '22 at 12:09
  • Indeed that's the case. – ChanganAuto Mar 14 '22 at 12:13
  • Ubuntu LTS releases have two kernel stacks, both of which get all security fixes applied. The GA kernel (the more stable option) is 5.4, with the HWE kernel currently 5.13 (kernel from 21.10 currently at 20.04.4). You switched from GA (5.4) to HWE (5.13), which just changed kernel stack... Many CVEs can impact one kernel (GA or HWE) but not the other (GA or HWE), so they'll only get patches applied if impacted by the security flaws. – guiverc Mar 14 '22 at 12:13
  • Was there any reason why you didn't just "sudo apt update && sudo apt upgrade"? That upgrades your kernel to the latest version, which is 5.13.x – Carlos B Mar 17 '22 at 20:11
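
The question and comments above turn on which kernel metapackage is installed: apt follows a metapackage (GA or HWE) to newer kernels, while a versioned `linux-image-…` package installed by hand stays at that version. The script below is an added example, not from the original post or its commenters; it lists installed kernel images and reports whether the running kernel is tracked by a metapackage. The function name `kernel_report`, the constructed sample data, and the "5.4 is GA, anything newer is HWE" rule for 20.04 (taken from the comments) are assumptions.

```sh
#!/bin/sh
# Added example. Reads "<package> <version> <status>" lines on stdin, as printed by:
#   dpkg-query -W -f='${Package} ${Version} ${db:Status-Abbrev}\n' 'linux-image*'
# $1 is the running kernel release (uname -r).
# Assumptions: Ubuntu 20.04, generic/lowlatency flavours only (cloud and OEM
# flavours use other metapackage names), GA series 5.4 as stated in the comments.
kernel_report() {
    awk -v running="$1" '
        $3 !~ /^ii/ { next }                  # only fully installed packages
        { pkg = $1; sub(/^linux-image-/, "", pkg); sub(/^unsigned-/, "", pkg) }
        pkg ~ /^[0-9]/ { images[pkg] = 1; next }   # versioned image package
        { metas[pkg] = 1 }                    # metapackage that apt upgrades through
        END {
            flavour = running; sub(/^[0-9.]+-[0-9]+-/, "", flavour)
            stack = (running ~ /^5\.4\./) ? "GA" : "HWE"
            meta = (stack == "GA") ? flavour : flavour "-hwe-20.04"
            for (i in images) print "image linux-image-" i
            for (m in metas) print "meta linux-image-" m
            print "running " running " stack=" stack
            if (meta in metas) print "tracked by linux-image-" meta
            else print "untracked: install linux-image-" meta " to keep receiving kernel updates"
        }' | sort
}

# Constructed sample: a 5.13 image installed by hand next to the GA metapackage.
# The version column is a placeholder; the function does not use it.
SAMPLE='linux-image-5.4.0-104-generic 0.constructed ii
linux-image-5.13.0-35-generic 0.constructed ii
linux-image-5.4.0-92-generic 0.constructed rc
linux-image-generic 0.constructed ii'

printf '%s\n' "$SAMPLE" | kernel_report 5.13.0-35-generic
```

On a live system, pipe the `dpkg-query` command from the header comment into `kernel_report "$(uname -r)"`.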
