After Linux kernel vulnerabilities are fixed and the system is restarted, I am still notified that I have to restart the system when I log on to the console. What do I do?

Last Updated: May 19, 2022

Problem description

After you fix a Linux kernel vulnerability in the Security Center console, a system restart is required for the fix to take effect. After you restart the system or your Elastic Compute Service (ECS) instance, the status of the vulnerability still changes to Handled (To Be Restarted) in the Security Center console, and you cannot check whether the vulnerability is fixed.

Causes

After you fix kernel vulnerabilities on a server that uses the Ubuntu kernel, the latest kernel is not used when the system is restarted. This is because the kernel selection order in the GRUB boot menu has been modified. When you install the latest kernel on the server, the system asks whether you want to keep the existing modifications to the GRUB boot menu. To make the latest kernel take priority during startup, you must install it silently (non-interactively).

Solutions

The following list describes the solutions for different kernel settings:

  • If you want to retain the default settings of the latest kernel rather than the original GRUB boot menu configurations, specify the following environment variable before you run the command to fix vulnerabilities. This way, the system automatically uses the default settings.
    export DEBIAN_FRONTEND=noninteractive
  • If you do not want to use the default settings of the latest kernel, manually modify the kernel selection order in the GRUB boot menu. For more information, see How do I modify the boot sequence of the Linux kernel?
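
To confirm on the server itself whether a restart booted the latest installed kernel (the cause described above), you can compare the running kernel with the kernel images in /boot. The following script is an added example, not part of the original document or of Security Center. Its function names are hypothetical, and it assumes the Ubuntu default locations /boot/vmlinuz-<release> and /etc/default/grub.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes Ubuntu defaults: images at /boot/vmlinuz-<release>, settings in
# /etc/default/grub, one kernel flavor installed, and GNU sort (-V).

# Print the release of every kernel image found in DIR (default /boot).
installed_kernels() {
    for _img in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$_img" ] || continue
        _img=${_img##*/}
        printf '%s\n' "${_img#vmlinuz-}"
    done
}

# Read releases on stdin and print the highest one. Version sort is needed:
# a plain sort would rank 5.4.0-99 above 5.4.0-100.
newest_kernel() {
    sort -V | tail -n 1
}

# Print the GRUB_DEFAULT value from FILE (default /etc/default/grub), unquoted.
grub_default() {
    [ -r "${1:-/etc/default/grub}" ] || return 0
    sed -n 's/^[[:space:]]*GRUB_DEFAULT=//p' "${1:-/etc/default/grub}" |
        tail -n 1 | tr -d "\"'"
}

# kernel_status RUNNING [BOOT_DIR] [GRUB_FILE]
# Returns 0 if RUNNING is the newest installed kernel, 1 if an older kernel
# was booted, 2 if no kernel images were found.
kernel_status() {
    _newest=$(installed_kernels "${2:-/boot}" | newest_kernel)
    if [ -z "$_newest" ]; then
        echo "unknown: no kernel images found"
        return 2
    fi
    if [ "$1" = "$_newest" ]; then
        echo "ok: running the newest installed kernel ($1)"
        return 0
    fi
    echo "stale: running $1, newest installed is $_newest," \
         "GRUB_DEFAULT=$(grub_default "${3:-/etc/default/grub}")"
    return 1
}

# Check the live system only when asked to: sh check_kernel.sh --check
if [ "${1:-}" = "--check" ]; then
    kernel_status "$(uname -r)"
fi
```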

Application scope

  • Security Center