If you're running a Linux system, you've likely heard about the recent security vulnerability CVE-2026-46333, which affects the kernel. A proof-of-concept exploit is already out there, making it crucial to upgrade to one of the newly released stable kernels: 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, or 5.10.256. These versions include a patch developed by Jann Horn back in 2020 and reported by the Qualys Security Advisory team. Some also contain fixes for other bugs. In this guide, you’ll learn exactly how to upgrade your kernel step by step, with tips to avoid common pitfalls.

What You Need

• A Linux machine with root or sudo access
• A stable internet connection for downloading kernel sources or packages
• At least 1 GB of free disk space (more if compiling from source)
• Backup of important data and configuration files
• Basic familiarity with the command line
• Optional: a second kernel entry in your bootloader to fall back to

Step-by-Step Kernel Upgrade Guide

Step 1: Check Your Current Kernel Version

Before upgrading, note your existing kernel version. Open a terminal and run:

uname -r

This displays your current kernel (e.g., 6.1.172). Write it down—you may need it to verify the upgrade later.

Step 2: Choose the Right Target Kernel

From the list of patched kernels, select the one that matches your kernel family. For example, if you’re on 6.1.x, upgrade to 6.1.173. If you’re on 5.15.x, go to 5.15.207, and so on. Always stick to the same major version to avoid compatibility issues with drivers and modules.

Step 3: Download the New Kernel

You have two main methods:

• Package manager (preferred for most distributions):
• On Debian/Ubuntu: sudo apt update && sudo apt upgrade
• On RHEL/Fedora: sudo dnf upgrade kernel
• On Arch Linux: sudo pacman -Syu
• Compile from source (advanced):
• Download the tarball from kernel.org for your chosen version.
• Extract it: tar xvf linux-6.1.173.tar.xz

If using a package manager, your distribution will automatically pull the correct kernel package if the update is available. If not, you may need to wait or use the source method.

Step 4: (Optional) Backup Existing Kernel

To be safe, ensure your current kernel is still bootable. Most package managers keep at least one previous kernel. If compiling, keep the old kernel’s modules (/lib/modules/$(uname -r)) intact. You can also add a custom boot entry later.

Step 5: Install the New Kernel

Using a package manager: After upgrading the kernel package, reboot. The installer handles module rebuilding and initramfs updates automatically.

Compiling from source:

1. Configure the kernel: cd linux-6.1.173 && make olddefconfig (or copy your old config: cp /boot/config-$(uname -r) .config)
2. Compile: make -j$(nproc)
3. Install modules: sudo make modules_install
4. Install kernel: sudo make install

This installs the kernel to /boot and updates your bootloader (GRUB or LILO).

Step 6: Update Bootloader

After installation, regenerate the bootloader configuration:

• For GRUB: sudo update-grub (Debian/Ubuntu) or sudo grub-mkconfig -o /boot/grub/grub.cfg
• For systemd-boot: run sudo bootctl update (or manually add entry)

Make sure the new kernel appears first in the boot menu.

Step 7: Reboot and Verify

Restart your system: sudo reboot. During boot, select the new kernel from the GRUB menu (if not default). After logging in, check the version:

uname -r

Confirm it matches the patched kernel (e.g., 6.1.173). For extra verification, search for CVE-2026-46333 in the kernel’s changelog: zgrep CVE-2026-46333 /usr/share/doc/kernel/changelog* (if available).

Step 8: Test System Stability

Run a few checks to ensure everything works:

• List loaded modules: lsmod
• Check dmesg for errors: dmesg | grep -i error
• Test your typical workloads (filesystem, networking, etc.)

If you encounter issues, you can boot the old kernel from the bootloader and investigate.

Tips for a Smooth Kernel Upgrade

• Always keep a known-good kernel in your bootloader. Don’t delete the previous one until you’re confident the upgrade is stable.
• Test on a non-production system first if possible, especially if you’re compiling from source.
• Check your distribution’s official repository first—using their prebuilt packages is faster and less error-prone.
• If you compile manually, preserve your old .config to reuse hardware-specific settings.
• Watch out for third-party modules (like NVIDIA drivers). They may need to be recompiled or updated separately after a kernel upgrade.
• After updating, set a baseline with tools like sysbench or stress-ng to catch performance regressions.
• Stay informed—CVE-2026-46333 has a published PoC, so prompt updating is strongly recommended.