Patching Linux Kernel Without Reboot Using Canonical Livepatch Service

First, go to Canonical Livepatch service page. Select Ubuntu user if you want to use the service without paying for up to 3 machines. If you are an UA customer, then select Ubuntu Advantage customer.  And click Get your Livepatch token.

You need to sign in with your Ubuntu one account which is totally free of charge. Once you are signed in, you will get a secret key for your account.

Then make sure you have the snap daemon installed on your Ubuntu 16.04 system.

sudo apt update
sudo apt install snapd

Next, install the canonical-livepatch daemon.

sudo snap install canonical-livepatch

Enable the service with the following command.

sudo canonical-livepatch enable <your-secret-key>

Sample output:

Successfully enabled device. Using machine-token: 2ca4f0662793daje0393jdaf39332d

You can check live patch status at any time with:

canonical-livepatch status --verbose

Please note that kernel patching is different from upgrading kernel to the latest version. After applying security patches, you still need to reboot in order to upgrade to the latest version of Linux kernel on Ubuntu 16.04.

Source: Using Canonical Livepatch Service to Patch Ubuntu 16.04 Kernel without Reboot – LinuxBabe.Com