I ran into this problem on a server where aapanel kept showing a security warning: “your current kernel has a flaw—install the latest kernel.” I didn’t want to break a production VPS by randomly installing kernels, so I went the safe route: update Ubuntu the normal way first, verify the new kernel boots, then clean up the old packages.
- Before you update the kernel (quick safety checklist)
- Step 1: Check your current kernel version
- Step 2: Update package lists
- Step 3: Install all updates (this usually pulls the latest kernel)
- Step 4: Reboot to load the new kernel
- Step 5: Confirm the kernel version after reboot
- Optional (LTS users): Upgrade to the newer HWE kernel
- Optional: Clean up old kernels after you confirm everything boots
- Troubleshooting
- 1) I updated, rebooted… but the kernel version didn’t change
- 2) The server boots but something is broken (network / modules / VPN)
- 3) Should I install “mainline” kernels to get the newest possible version?
- Helpful links (outbound + internal)
- Final thoughts
This guide shows how to update Ubuntu to the latest kernel version safely, using the built-in package manager (apt). It’s the same idea as my original How7o answer (check kernel → update → upgrade → reboot), just written as a complete step-by-step tutorial.
Before you update the kernel (quick safety checklist)
- Take a snapshot/backup (VPS snapshot is perfect).
- Schedule a reboot window (kernel changes require reboot).
- Make sure you have console access (provider web console / rescue mode), just in case SSH doesn’t come back.
Step 1: Check your current kernel version
This is the fastest way to see what you’re running right now
uname -rOptional (but I always do it): check your Ubuntu release too, because kernel packages differ between LTS versions.
lsb_release -aStep 2: Update package lists
Update the local package index
sudo apt updateStep 3: Install all updates (this usually pulls the latest kernel)
This is where many people stop at sudo apt upgrade (also from the original post). On servers, I prefer using full-upgrade because it’s better at handling dependency changes when a new kernel meta-package is involved (it can install/remove packages when needed).
sudo apt full-upgrade -yIf you want the “minimal change” approach, you can run:
sudo apt upgrade -yBut if your goal is “get the newest kernel Ubuntu offers for this release”, full-upgrade is usually the smoother option.
Step 4: Reboot to load the new kernel
A kernel update doesn’t truly apply until you reboot (same as the original post).
sudo rebootStep 5: Confirm the kernel version after reboot
uname -rIf the version changed, you’re done. If it didn’t, jump to the troubleshooting section below.
Optional (LTS users): Upgrade to the newer HWE kernel
If you’re on an Ubuntu LTS release and you want a newer kernel track (often what panels mean by “latest”), you may want the HWE (Hardware Enablement) kernel. Ubuntu documents HWE as a supported way to get newer kernels on an LTS release.
Examples (pick the one matching your Ubuntu version):
- Ubuntu 22.04 LTS:
sudo apt install -y linux-generic-hwe-22.04 - Ubuntu 20.04 LTS:
sudo apt install -y linux-generic-hwe-20.04
This approach is commonly recommended when you want the “newer supported kernel” without going into unsupported mainline builds.
Optional: Clean up old kernels after you confirm everything boots
After you verify the server boots fine on the new kernel, you can remove unused packages (including older kernels) to free disk space:
sudo apt autoremove --purge -yTip: Don’t do cleanup before the first successful reboot. I always confirm the new kernel boots first, then clean.
Troubleshooting
1) I updated, rebooted… but the kernel version didn’t change
- Run
sudo apt full-upgrade(not onlyupgrade). - On LTS, consider installing the HWE kernel meta package (section above).
2) The server boots but something is broken (network / modules / VPN)
This is rare on normal VPS setups, but if you use extra kernel modules (WireGuard builds, special storage drivers, etc.), kernel upgrades can require DKMS rebuilds. If you have a provider console, you can boot the previous kernel from GRUB as a quick rollback and troubleshoot safely.
3) Should I install “mainline” kernels to get the newest possible version?
I don’t recommend mainline kernels on a production server unless you really know why you need them. The supported route on Ubuntu is: normal updates, and for LTS, HWE kernels.
Helpful links (outbound + internal)
- Ubuntu Wiki: LTS Enablement (HWE) Stack
- Canonical kernel docs: HWE kernels
- Ask Ubuntu discussion: full-upgrade + HWE package
- How to create a directory in Ubuntu
- Automatic logout timeout for Ubuntu terminal
Final thoughts
In most cases, updating to the latest Ubuntu kernel is simply: uname -r → apt update → apt full-upgrade → reboot → uname -r. That’s all I needed to clear the aapanel warning and keep the server on a supported kernel track.
