https://www.bleepingcomputer.com/news/security/new-linux-dirty-frag-zero-day-with-poc-exploit-gives-root-privileges/
For a server like mine where high availability is not necessary, I wish I could just set it to automatically install any kernel updates and reboot.
I already have it set to install updates, but kernel updates typically need a reboot, which is still a manual process for me.
I guess I could just run a daily cron that would reboot every day at 2am; then in the worst case it would go 23:59 between update and reboot.
Naturally, Ask Ubuntu is on the task.
https://askubuntu.com/questions/1401765/reboot-automatically-when-kernel-is-upgraded
And, also naturally, someone has refined it to classify exploit severity and then reboot based on severity level.
https://peacocksoftware.com/blog/do-you-really-need-reboot-your-linux-server-after-update
And Livepatch does away with this need entirely for critical and high severity kernel updates by allowing patching without shutting down the system. It's free for up to 5 machines belonging to you or your business.
https://ubuntu.com/security/livepatch
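A middle ground between the unconditional 2am reboot and a manual one, as an added example that is not part of the original posts or the linked pages: a cron-driven check that reboots only when a kernel package has requested it. It assumes Ubuntu's `/var/run/reboot-required` flag and `/var/run/reboot-required.pkgs` list are present (written by package maintainer scripts when update-notifier-common is installed); the function name, script path and cron line are hypothetical.

```shell
#!/bin/sh
# Added example: reboot only when a pending reboot was requested by a kernel package.
# Assumption: Ubuntu-style flag files under /var/run (see lead-in).

# needs_kernel_reboot FLAG_FILE PKGS_FILE
# Prints exactly one of:
#   none   - no reboot has been requested
#   kernel - a linux-image-* package requested the reboot
#   other  - a reboot was requested, but not by a kernel package
needs_kernel_reboot() {
    flag=$1
    pkgs=$2
    # No flag file means nothing installed since boot asked for a reboot.
    [ -e "$flag" ] || { echo none; return 0; }
    # The .pkgs file holds one package name per line.
    if [ -r "$pkgs" ] && grep -Eq '^linux-image' "$pkgs"; then
        echo kernel
    else
        echo other
    fi
}

# report_or_reboot [--apply]
# Without --apply this only reports, so it is safe to run by hand.
report_or_reboot() {
    state=$(needs_kernel_reboot /var/run/reboot-required \
                                /var/run/reboot-required.pkgs)
    echo "reboot state: $state"
    if [ "$state" = kernel ] && [ "${1:-}" = "--apply" ]; then
        # Five-minute grace period so logged-in users see the warning.
        shutdown -r +5 "Rebooting to load updated kernel"
    fi
}

# Hypothetical cron entry (root crontab), matching the 2am idea above:
#   0 2 * * * /usr/local/sbin/kernel-reboot-check --apply
report_or_reboot "${1:-}"
```

Run it without arguments first to see what state the machine is in; the `other` state is left for the operator to handle, since the posts above only discuss kernel updates.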