Update: A new linux-image package was respun containing the workaround. Users should just need to run apt update; apt upgrade linux-image-6.8.0-1014-azure-fde
to receive the changes if they are still running 6.8 on CVMs. Unattended upgrades will pick it up automatically where enabled.
Original Post: On September 12th, we promoted the azure-tuned kernel from 6.5 to 6.8 for Ubuntu 22.04. Subsequently, we discovered that Confidential VM (CVM) instances began experiencing kernel panics post-reboot.
This problem affects Jammy CVM instances, both with and without Full Disk Encryption (FDE). We believe other Ubuntu releases and non-CVM instances are not impacted.
We have removed the affected packages from the repositories while we investigate and develop a fix. Our team is actively working on resolving this issue, exploring potential issues with the EFI stub produced at build-time and related dependencies.
The affected 6.8 kernel was available in the Jammy repositories from September 12th to 16th. If you have a CVM instance that installed these packages during this period, either through automation or manually, it may fail on reboot unless addressed.
If youāre running a CVM instance with Ubuntu 22.04, we recommend the following:
- To check if you have the affected kernel version installed, run:
if apt list --installed 2>/dev/null | grep -q "linux-image-6.8.0-1014-azure-fde"; then
echo "Problematic update present"
else
echo "Not affected"
fi
-
If the package is installed, do not reboot your instance.
-
To revert to the earlier version of the kernel, run:
apt purge -y linux-image-6.8.0-1014-azure-fde
Please note that, if you have already rebooted and encountered issues, recovery for CVM instances is complex because of their use of nullboot instead of grub. If you have a support relationship with either Canonical or Microsoft, please contact your support representative for assistance.
Once a corrected version of the kernel package is available, we will make it accessible through the normal update process and provide an update on this thread.
We appreciate your patience and understanding as we work to resolve this matter. If you have any questions or concerns, please donāt hesitate to reach out.