[12:08] <Nicholas[m]> I'm wondering whether the dirty pipe vulnerability is mitigated by live patch, or do I need a reboot?
[13:01] <sdeziel> Nicholas[m]: I haven't used live patch but that's something I'd expect the `canonical-livepatch status` output to show, maybe?
[15:10] <Nicholas[m]> so what's happening then? when livepatch patches the running kernel does it bump the version number of the kernel -- can you go e.g. 5.4.0 -> 5.4.1 
[15:27] <tomreyn> more likely, it will be some kind of appendix. i assume /proc/version will show it, too.
[15:28] <sdeziel> Nicholas[m]: AFAIK, the kernel number (5.4.0) never changes during the whole support life. There is a number after it that keeps going up (5.4.0-104 is current ATM).
[15:28] <ebarretto> Nicholas[m], no kernel that is supported on livepatch was affected. Only kernels > 5.8 were affected: https://ubuntu.com/security/CVE-2022-0847
[15:30] <Nicholas[m]> ebarretto: the HWE kernel is 5.13 - isn't that supported by livepatch?
[15:32] <ebarretto> Nicholas[m], only the ones listed here: https://ubuntu.com/security/livepatch/docs/kernels
[15:34] <Nicholas[m]> oh dear. so a 20.04 server running HWE 5.13 needs a reboot to be covered from the dirtypipe... 😱
[15:47] <tomreyn> according to this table, 20.04 LTS HWE kernels do not (yet) receive livepatch support at all.
[15:47] <tomreyn> (just GA)
[23:44] <shalocin[m]> Just switch back to the generic kernel if you want live patch and get reboots. Servers generally don't need HWE branch because it just sits there in a rack doing its thing. On the other hand, you are more likely to be plugging in some fancy device into your desktop or laptop.
[23:44] <shalocin[m]> Or am I wrong?