We have tried the extra kernel postinst script and it doesn't seem to function appropriately.
The core issue for us is that our organization monitors our servers using Qualys, and Qualys reads the kernel version on disk. Qualys isn't intelligent enough to know that Livepatch has patched the running kernel. So Qualys ends up flagging all of our servers as having critical vulnerabilities (again, because it only checks the kernel version on disk), even though technically the vulnerability has been patched in the running kernel. It is very frustrating to have to try and explain to our central security team that the Qualys results are a false positive every time this happens and we are contacted about it.

We are an Ubuntu Pro customer and we did open a ticket about this in January 2025, but no ETA is available regarding this bug, sadly. We hope that Canonical starts working on this situation soon. We would rather not disable Livepatch, but given comments above, it seems like the corporate view at Canonical is that we should disable it because (according to them) we are not getting any value from it.

--
https://bugs.launchpad.net/bugs/2017401

Title: Unexpected / unwanted unattended-upgrades behaviour after kernel upgrade when Livepatch enabled
