fix: unfreeze 2204 kernel to pick up new one which has CVE fixes in 1109#8381
Merged
awesomenix merged 1 commit intomainfrom Apr 22, 2026
Merged
fix: unfreeze 2204 kernel to pick up new one which has CVE fixes in 1109#8381awesomenix merged 1 commit intomainfrom
awesomenix merged 1 commit intomainfrom
Conversation
awesomenix
requested review from
AbelHu,
Devinwong,
SriHarsha001,
calvin197,
cameronmeissner,
djsly,
ganeshkumarashok,
junjiezhang1997,
lilypan26,
mxj220,
pdamianov-dev,
phealy,
r2k1,
sulixu,
surajssd,
timmy-wright and
zachary-bailey
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This PR removes the Ubuntu 22.04-specific kernel pin in the VHD build so Ubuntu 22.04 images can pick up newer Azure LTS kernel builds that include recent CVE fixes.
Changes:
- Removed the explicit pin to
linux-image-5.15.0-1102-azurefor Ubuntu 22.04. - Allowed Ubuntu 22.04 to follow the standard
linux-image-azure-lts-22.04package path (same pattern as other supported Ubuntu releases).
Comments suppressed due to low confidence (1)
vhdbuilder/packer/pre-install-dependencies.sh:158
- Removing the Ubuntu 22.04 kernel pin here will change the resulting
uname -ron built images, but the VHD content test still expects an exact5.15.0-1102-azurekernel for 22.04 non-CVM builds (seevhdbuilder/packer/test/linux-vhd-content-test.sharoundtestLtsKernel). Update that test expectation (or relax it to a major/minor match) so CI doesn’t fail once 22.04 starts picking up newer kernels (e.g., 1109).
else
# Use LTS kernel for other versions
KERNEL_IMAGE="linux-image-azure-lts-${UBUNTU_RELEASE}"
KERNEL_PACKAGES=(
"linux-image-azure-lts-${UBUNTU_RELEASE}"
"linux-tools-azure-lts-${UBUNTU_RELEASE}"
"linux-cloud-tools-azure-lts-${UBUNTU_RELEASE}"
"linux-headers-azure-lts-${UBUNTU_RELEASE}"
"linux-modules-extra-azure-lts-${UBUNTU_RELEASE}"
)
echo "Installing LTS kernel for Ubuntu ${UBUNTU_RELEASE}"
fi
cameronmeissner
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
pickup new kernel to address CVE fixes