No More Emergency Reboots: Canonical Livepatch Now Supports Arm64 on Ubuntu 26.04 LTS
Canonical has announced that its zero-downtime live kernel patching service, Canonical Livepatch, now officially supports the Arm64 (AArch64) architecture — a milestone that eliminates the need for emergency reboots to apply critical kernel security updates on Arm-based Ubuntu systems.
For the first time, Ubuntu running on Arm64 hardware can receive critical Linux kernel patches while the system remains fully operational, without any service interruption or restart. The capability is available starting with Ubuntu Core 26 for Arm64, and on Ubuntu 26.04 LTS “Resolute Raccoon” for Arm64 servers and edge devices. For AMD64 (x86) machines, Livepatch has been available since Ubuntu Core 20 and continues to be supported across all subsequent releases.
What Is Canonical Livepatch?
Canonical Livepatch is a technology that allows administrators to load specific security patches for the running Linux kernel without stopping services or scheduling downtime. Patches are applied in memory to the live kernel, replacing vulnerable code paths while workloads continue uninterrupted.
The service focuses on kernel vulnerabilities rated “Critical” or “High” by the Common Vulnerability Scoring System (CVSS) that carry security implications such as privilege escalation or remote code execution. It is particularly valuable for environments where unplanned downtime carries serious operational or financial consequences — including cloud servers, enterprise data centres, industrial control systems, and remote edge devices.
It is important to understand what Livepatch is not. The service does not replace regular system updates; user-space components such as OpenSSL and glibc still require patching through standard package management. Livepatch also does not eliminate the need for periodic reboots altogether — routine reboots remain necessary to fully adopt a new kernel version and to clear accumulated memory state over long uptimes. What Livepatch does is reduce and often eliminate emergency, unscheduled reboots in the critical window between planned maintenance cycles.
Years in the Making: The Technical Road to Arm64 Support
Extending Livepatch to Arm64 required resolving deep, architecture-level challenges. In late 2023, Canonical conducted a comprehensive gap analysis to map what would be needed. The findings were sobering: live kernel patching requires the kernel to reliably know when it is safe to switch a running task to newly patched code. This mechanism depends on reliable kernel stack traces (CONFIG_HAVE_RELIABLE_STACKTRACE), and at the time, the upstream Arm64 kernel lacked a stable, fully accepted implementation. Additionally, the toolchain required to compile and compare unpatched and patched kernels — including GCC, objdump, and Kpatch — had immature Arm64 support, with relevant patches still under active upstream discussion and not yet merged.
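The kernel-side prerequisites described above can be checked on a host. This is an added example, not Canonical's code and not part of the original announcement: it looks for CONFIG_LIVEPATCH and CONFIG_HAVE_RELIABLE_STACKTRACE in a kernel config file and reads per-patch state from the upstream kernel's /sys/kernel/livepatch tree. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: check the kernel-side prerequisites for live patching.

# kconfig_enabled FILE SYMBOL: succeed if SYMBOL is built in (=y) in FILE.
kconfig_enabled() {
    grep -q "^$2=y\$" "$1"
}

# livepatch_prereqs FILE: print "ready" or "missing: <symbols>".
livepatch_prereqs() {
    missing=""
    for sym in CONFIG_LIVEPATCH CONFIG_HAVE_RELIABLE_STACKTRACE; do
        kconfig_enabled "$1" "$sym" || missing="$missing $sym"
    done
    if [ -z "$missing" ]; then echo "ready"; else echo "missing:$missing"; fi
}

# livepatch_state [ROOT]: one line per loaded patch from the livepatch sysfs
# tree. transition=1 means some tasks still run the old code, so the fix is
# not yet in force for the whole system.
livepatch_state() {
    root=${1:-/sys/kernel/livepatch}
    for dir in "$root"/*/; do
        [ -f "${dir}enabled" ] || continue
        printf '%s enabled=%s transition=%s\n' "$(basename "$dir")" \
            "$(cat "${dir}enabled")" "$(cat "${dir}transition")"
    done
}

# make_sample DIR: build constructed fixtures (not real system output):
# one config without the symbols, one with them, and two fake patches.
make_sample() {
    mkdir -p "$1/sys/lp_sample_a" "$1/sys/lp_sample_b"
    printf '%s\n' 'CONFIG_ARM64=y' 'CONFIG_DYNAMIC_FTRACE=y' > "$1/config-old"
    printf '%s\n' 'CONFIG_ARM64=y' 'CONFIG_LIVEPATCH=y' \
        'CONFIG_HAVE_RELIABLE_STACKTRACE=y' > "$1/config-new"
    echo 1 > "$1/sys/lp_sample_a/enabled"; echo 0 > "$1/sys/lp_sample_a/transition"
    echo 1 > "$1/sys/lp_sample_b/enabled"; echo 1 > "$1/sys/lp_sample_b/transition"
}

tmp=$(mktemp -d)
make_sample "$tmp"
livepatch_prereqs "$tmp/config-old"
livepatch_prereqs "$tmp/config-new"
livepatch_state "$tmp/sys"
rm -rf "$tmp"
```

On a real host, pass the running kernel's config file to `livepatch_prereqs` (its location, commonly `/boot/config-$(uname -r)`, is an assumption here) and call `livepatch_state` with no argument.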
Closing these gaps demanded a coordinated, multi-year industry effort. Engineers at major operating system publishers, hyperscale cloud providers, silicon vendors, and the broader open-source community worked together to advance the required kernel consistency model and toolchain support for Arm64. Once the prerequisites were merged upstream, Canonical’s engineering team overhauled its build infrastructure — adding dedicated Arm64 build farm instances for native compilation, constructing new architecture-specific regression test suites, and updating the Livepatch distribution network to support seamless multi-architecture delivery.
“As agentic AI and always-on workloads move into production, minimizing downtime is a necessity. With Canonical’s Ubuntu 26.04 LTS, organizations can address critical vulnerabilities in real time while systems remain fully operational with Kernel Livepatch, which was developed through close collaboration between Arm and the upstream Linux community to advance secure and scalable AI infrastructure.” — Bhumik Patel, Director of Server Ecosystem Development, Cloud AI Business Unit, Arm
By late February 2026, the Arm64 Livepatch client was successfully applying live kernel patches in Canonical’s test environments for Ubuntu 26.04 LTS and Ubuntu Core 26. Today marks the public availability of that work.
Who Benefits?
The primary audience for Arm64 Livepatch is organizations managing Ubuntu deployments on Arm64 servers, cloud virtual machines, and remote or embedded devices that cannot tolerate frequent or unplanned downtime. This includes enterprises scaling Arm-based cloud infrastructure, industrial operators running Ubuntu Core on edge hardware, and any environment where a kernel vulnerability must be remediated immediately without waiting for a scheduled maintenance window.
Desktop users who reboot their machines regularly are unlikely to notice a practical difference, as Livepatch is designed for systems where a reboot represents genuine operational risk and potential cost.
- Ubuntu 26.04 LTS (Arm64 & AMD64): Livepatch available via Ubuntu Pro subscription.
- Ubuntu Core 26 (Arm64): Livepatch included; Arm64 support starts with this release.
- Ubuntu Core 20 and later (AMD64): Livepatch has been available since Ubuntu Core 20.
- Free tier: Available at no cost for personal use on up to 5 machines — no payment details required.
- Ubuntu Pro subscription: Provides up to 10 years of Livepatch coverage, with an optional Ubuntu Pro Legacy add-on extending support by a further 5 years.
Compliance Implications
Beyond operational benefits, Canonical notes that Livepatch on Arm64 strengthens the compliance posture of organizations working toward requirements under the European Union’s Cyber Resilience Act (CRA). The CRA, which began applying to authorities in June 2026, imposes vulnerability reporting obligations and security requirements on connected products. The ability to remediate critical kernel vulnerabilities in real time, without service interruption, is a meaningful practical tool for meeting those obligations.
With today’s announcement, Canonical closes a multi-year technical gap, bringing the same rebootless kernel security capabilities that AMD64 users have relied on for years to the rapidly growing Arm64 ecosystem across cloud, server, and edge environments.
