How to live patch Ubuntu Linux Kernel without rebooting the server

Kernel live patching enables run time correction of critical security issues in running kernel without rebooting. How do I enable or patch my Ubuntu Linux16.04 LTS server without rebooting the box?

Ubuntu Linux version 16.04 LTS supports live patching for both enterprise and the #Ubuntu community members. The Canonical Live-patch Service is an authenticated, encrypted, signed stream of live-patch kernel modules for #Ubuntu servers, virtual machines and desktops.

On 20th October, 2016 Canonical officially announced the support for no reboot kernel patching, freely available on maximum three machines for a single user running 64-bit Intel/AMD #Ubuntu 16.04 LTS. Installing is really easy

sudo apt update 
sudo apt upgrade
sudo apt install snapd

Generate a livepatch key

In order to get started login and generate a key from the following url (a free account is needed):

After login you should see something like this

Enable live patching

sudo snap install canonical-livepatch
sudo canonical-livepatch enable
5e37xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

If everything went well you should read something like

Successfully enabled device. Using machine-token: 5e37xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

To view the status of the daemon

canonical-livepatch status –verbose

client-version: "6" machine-id: 6e2xxxxxxxxxxxxxxxxxxxxx machine-token: 0c38xxxxxxxxxxxxxxxxxxxxxxxxxxxx architecture: x86_64 cpu-model: Intel(R) Xeon(R) CPU           W3520  @ 2.67GHz last-check: 2017-02-17T10:18:14.094602474+01:00 boot-time: 2017-02-08T14:40:20+01:00 uptime: 211h38m28s status: - kernel: 4.4.0-62.83-generic   running: true   livepatch:     checkState: checked     patchState: nothing-to-apply     version: ""     fixes: ""