- Newest
- Most votes
- Most comments
Reboot the instance and it will come back on the new kernel.
sudo shutdown -r now
Security:Kernel-6.1.66-91.160.amzn2023.x86_64 is an installed security update
Security: kernel-6.1.55-75.123.amzn2023.x86_64 is the currently running version
Can you run uname -r to verify that the listed kernel version, i.e. 6.1.66-91.160, or higher is running?
[ec2-user@al2023 ~]$ uname -r
6.1.79-99.164.amzn2023.aarch64
Motd may need to be updated. Try running this command and verify again
cat /etc/motd
sudo update-motd
cat /etc/motd
Edit: From kernel version(6.1.38-59.109), your AL2023 is at version 2023.1.20230809. You can verify with dnf info system-release command
To check for newer release
dnf check-release-update
To upgrade to latest version which is 2023.3.20240312 as of time of writing
sudo dnf update --releasever=2023.3.20240312
Reboot after patching If this still does not work, you could have hard-coded the kernel version. I would check the /etc/default/grub and /boot/grub2/grubenv files For example, this is my /etc/default/grub and grubenv file
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8 nvme_core.io_timeout=4294967295 rd.emergency=poweroff rd.shell=0 selinux=1 security=selinux quiet"
GRUB_TIMEOUT=0
GRUB_DISABLE_RECOVERY="true"
GRUB_TERMINAL="ec2-console"
GRUB_ENABLE_BLSCFG="true"
GRUB_X86_USE_32BIT="true"
GRUB_DEFAULT=saved
GRUB_UPDATE_DEFAULT_KERNEL=true
# GRUB Environment Block
# WARNING: Do not edit this file by tools other than grub-editenv!!!
boot_success=1
boot_indeterminate=0
saved_entry=ec294933b0e603800c8968a77843487b-6.1.79-99.164.amzn2023.aarch64
##################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
Current running kernel [ec2-user@ip-172-31-23-23 ~]$ sudo uname -r 6.1.38-59.109.amzn2023.x86_64
[ec2-user@ip-172-31-23-23 ~]$ cat /etc/motd Updates Information Summary: available 16 Security notice(s) 14 Important Security notice(s) 2 Medium Security notice(s) Security: kernel-6.1.79-99.164.amzn2023.x86_64 is an installed security update Security: kernel-6.1.38-59.109.amzn2023.x86_64 is the currently running version Run "sudo dnf update" to apply all updates.
So I'm really looking for the command to switch to kernel-6.1.79-99.164.amzn2023.x86_64
Thanks for the info. You will need to update to newer AL2023 release. I have updated my post
For Live Kernel patching, you need to setup your instance with kpatch-dnf plugin. Take a look a this documentation. [1]
Once running, you can see the patches with the sudo kpatch list command
[1] Kernel Live Patching on Amazon Linux 2023 - Enable Kernel Live Patching - https://docs.aws.amazon.com/linux/al2023/ug/live-patching.html#live-patching-enable
I understand all that. The patching itself works. Question is how to get my VM to actually use the latest kernel "kernel-6.1.66-91.160.amzn2023.x86_64". See below. Updates Information Summary: available 4 Security notice(s) 4 Important Security notice(s) Security: kernel-6.1.66-91.160.amzn2023.x86_64 is an installed security update Security: kernel-6.1.55-75.123.amzn2023.x86_64 is the currently running version
, #_
_ ####_ Amazon Linux 2023 ~~ _#####' '-> ~~~ / ~~._. _/ _/ _/ _/m/' Last login: Thu Mar 14 09:41:46 2024 from 172.31.25.108 [ec2-user@ip-172-31-23-23 ~]$ sudo kpatch list Loaded patch modules: livepatch_CVE_2023_5090 [enabled] livepatch_CVE_2023_5197 [enabled] livepatch_CVE_2023_5717 [enabled]
~~ ###| ~~ #/ ___ https://aws.amazon.com/linux/amazon-linux-2023 ~~ VInstalled patch modules: livepatch_CVE_2023_3776 (6.1.38-59.109.amzn2023.x86_64) livepatch_CVE_2023_5090 (6.1.55-75.123.amzn2023.x86_64) livepatch_CVE_2023_5197 (6.1.55-75.123.amzn2023.x86_64) livepatch_CVE_2023_5717 (6.1.55-75.123.amzn2023.x86_64)
Relevant content
- Accepted Answerasked a year ago
- asked 6 months ago
- asked 18 days ago
- asked 3 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 6 months ago
Tried it and doesn't work after this command this is what shows [ec2-user@ip-172-31-23-23 ~]$ sudo shutdown -r now
Broadcast message from root@ip-172-31-23-23.eu-central-1.compute.internal on pts/1 (Thu 2024-03-14 14:42:25 UTC):
The system will reboot now! login as: ec2-user Authenticating with public key "linux_2023_ed25519" Updates Information Summary: available 16 Security notice(s) 14 Important Security notice(s) 2 Medium Security notice(s) Security: kernel-6.1.79-99.164.amzn2023.x86_64 is an installed security update Security: kernel-6.1.38-59.109.amzn2023.x86_64 is the currently running version
, #_
_ ####_ Amazon Linux 2023 ~~ _#####' '-> ~~~ / ~~._. _/ _/ _/ _/m/' Last login: Thu Mar 14 14:31:03 2024 from 172.31.25.108 [ec2-user@ip-172-31-23-23 ~]$~~ ###| ~~ #/ ___ https://aws.amazon.com/linux/amazon-linux-2023 ~~ V