Comment 3 for bug 2028377

So the reason you're seeing the message when you login is because there is a livepatch module inserted that is addressing some kernel vulnerabilities, you can see the specific vulnerabilities addressed with `canonical-livepatch status --verbose`. Note that because patches are cumulative you'll see vulnerabilities that were addressed years ago too (these are already addressed by the base kernel).

Now the tricky part here is the messaging, normally a kernel release doesn't immediately need livepatches and if you have unattended-upgrades setup and you reboot regularly, you'll always be on a recent release that doesn't require livepatches and you wouldn't see the message. In this case however it seems that there is a livepatch available for a kernel release where there is no newer kernel to upgrade to, so you're left with the confusing message that you should upgrade, even though there is nothing to upgrade to (afaik).

I will bring this up internally to verify my assumptions and figure out how we can clear up the messaging. Thanks for the report, and as a note, the messaging in this case is benign as you're on the latest kernel already and Livepatch is being overly cautious by telling you to update. Hope that all made sense, open to any suggestions and clarifications you might have.