diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index b462755080..b6ac1338db 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -206,7 +206,7 @@ parts:
 # Install raw kernel
 vmlinux_path="vmlinux"
- [ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/compressed/vmlinux"
+ [ "${arch}" = "s390x" ] && vmlinux_path="arch/s390/boot/vmlinux"
 vmlinux_name="vmlinux-${kernel_suffix}"
 cp "${vmlinux_path}" "${kata_kernel_dir}/${vmlinux_name}"
 ln -sf "${vmlinux_name}" "${kata_kernel_dir}/vmlinux.container"
diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index 987f16ffa2..d8f09218cb 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -168,13 +168,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 [[package]]
 name = "cgroups-rs"
-version = "0.2.9"
+version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cdae996d9638ba03253ffa1c93345a585974a97abbdeab9176c77922f3efc1e8"
+checksum = "cf5525f2cf84d5113ab26bfb6474180eb63224b4b1e4be31ee87be4098f11399"
 dependencies = [
  "libc",
  "log",
- "nix 0.23.1",
+ "nix 0.24.2",
  "regex",
 ]
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
index bada4c4ddf..bdc02df901 100644
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -50,7 +50,7 @@ log = "0.4.11"
 prometheus = { version = "0.13.0", features = ["process"] }
 procfs = "0.12.0"
 anyhow = "1.0.32"
-cgroups = { package = "cgroups-rs", version = "0.2.8" }
+cgroups = { package = "cgroups-rs", version = "0.2.10" }
 # Tracing
 tracing = "0.1.26"
diff --git a/src/agent/rustjail/Cargo.toml b/src/agent/rustjail/Cargo.toml
index 6d0a3a5182..b2f700c9b5 100644
--- a/src/agent/rustjail/Cargo.toml
+++ b/src/agent/rustjail/Cargo.toml
@@ -23,7 +23,7 @@ scan_fmt = "0.2.6"
 regex = "1.5.5"
 path-absolutize = "1.2.0"
 anyhow = "1.0.32"
-cgroups = { package = "cgroups-rs", version = "0.2.8" }
+cgroups = { package = "cgroups-rs", version = "0.2.10" }
 rlimit = "0.5.3"
 cfg-if = "0.1.0"
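Review bot: The s390x vmlinux location is now fixed in two places, here and in build-kernel.sh's install_kata, with no shared definition and no check that the file exists before the `cp` two lines below; should the snap ever be built against a kernel that still has the older `boot/compressed/` layout, the part only fails at that `cp` with a bare ENOENT. Either have this step delegate to build-kernel.sh's install logic, or make the assignment tolerant of both layouts: `[ -f "${vmlinux_path}" ] || vmlinux_path="arch/s390/boot/compressed/vmlinux"` right after the s390x line, with a short comment saying which kernel layout each path belongs to. The override script continues outside the hunk.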
diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh
index 837dfd67a6..100d1b9b18 100755
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@@ -127,7 +127,10 @@ get_tee_kernel() {
 mkdir -p ${kernel_path}
 [ -z "${kernel_url}" ] && kernel_url=$(get_from_kata_deps "assets.kernel.${tee}.url")
- kernel_tarball="${version}.tar.gz"
+
+ kernel_tarball="linux-${version}.tar.gz"
+ tarball_name=$(get_from_kata_deps "assets.kernel.${tee}.tarball")
+ [ -z "$tarball_name" ] || kernel_tarball="$tarball_name"
 if [ ! -f "${kernel_tarball}" ]; then
 curl --fail -OL "${kernel_url}/${kernel_tarball}"
@@ -456,7 +459,7 @@ install_kata() {
 if [ "${arch_target}" = "arm64" ]; then
 install --mode 0644 -D "arch/${arch_target}/boot/Image" "${install_path}/${vmlinux}"
 elif [ "${arch_target}" = "s390" ]; then
- install --mode 0644 -D "arch/${arch_target}/boot/compressed/vmlinux" "${install_path}/${vmlinux}"
+ install --mode 0644 -D "arch/${arch_target}/boot/vmlinux" "${install_path}/${vmlinux}"
 else
 install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}"
 fi
@@ -553,7 +556,8 @@ main() {
 esac
 elif [[ "${conf_guest}" != "" ]]; then
 #If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
- kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
+ kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.version" 2>/dev/null || true)
+ [ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps "assets.kernel.${conf_guest}.tag")
 else
 kernel_version=$(get_from_kata_deps "assets.kernel.version")
 fi
diff --git a/tools/packaging/kernel/configs/fragments/common/dax.conf b/tools/packaging/kernel/configs/fragments/common/dax.conf
index 6c48de444e..ff747ae179 100644
--- a/tools/packaging/kernel/configs/fragments/common/dax.conf
+++ b/tools/packaging/kernel/configs/fragments/common/dax.conf
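Review bot: The tarball chosen here is still fetched by `curl --fail -OL` two lines down with no digest or signature check, and this is the hunk that moves the SEV kernel from a pinned fork tag to a generic kernel.org tarball name, so whatever the CDN or a redirect returns becomes the TEE guest kernel. Record a digest per TEE kernel in versions.yaml and verify it right after the download, e.g. `expected_sha256=$(get_from_kata_deps "assets.kernel.${tee}.sha256")` followed by `echo "${expected_sha256}  ${kernel_tarball}" | sha256sum -c -`, failing the build on a mismatch. The optional `.tarball` lookup on the third added line also has no guard, while the equivalent optional `.version` lookup in main() is wrapped in `2>/dev/null || true`; if get_from_kata_deps is non-zero for an absent key, as that guard suggests, the SEV entry (which defines no tarball) would abort this function under errexit, so use the same guard here. get_tee_kernel continues outside the hunk.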
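Review bot: `arch/${arch_target}/boot/vmlinux` only exists on kernels whose s390 boot tree has the new layout, but install_kata is also reached for versions passed explicitly to build-kernel.sh (presumably via its version option), where `boot/compressed/vmlinux` is still the only copy and the new `install` line fails with a bare ENOENT. Resolve the path before installing so both layouts work: `s390_vmlinux="arch/${arch_target}/boot/vmlinux"`, `[ -f "${s390_vmlinux}" ] || s390_vmlinux="arch/${arch_target}/boot/compressed/vmlinux"`, then `install --mode 0644 -D "${s390_vmlinux}" "${install_path}/${vmlinux}"`. A one-line comment above naming why the fallback exists would keep the next kernel bump from dropping it. install_kata starts and ends outside the hunk.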
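Review bot: When the TEE entry carries neither a `.version` nor a `.tag`, the two added lines leave `kernel_version` empty and main() carries on, so the failure surfaces later as a malformed download URL or directory name rather than at the configuration error. Add `[ -n "${kernel_version}" ] || die "no version or tag for assets.kernel.${conf_guest} in versions.yaml"` after the fallback (assuming the script's usual `die` helper; otherwise print the message and exit non-zero). Note also that `2>/dev/null || true` hides every failure of the first lookup, including a missing `yq`, not just an absent key; the `.tag` fallback then fails too, but with the real cause already discarded, so a comment stating that the suppression is only meant for a missing key would help the next reader. main() continues outside the hunk.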
@@ -12,7 +12,6 @@ CONFIG_SPARSEMEM_VMEMMAP=y
 # Without these the pmem_should_map_pages() call in the kernel fails with new
 # Related to the ARCH_HAS_HMM set in the arch files.
 CONFIG_ZONE_DEVICE=y
-CONFIG_DEV_PAGEMAP_OPS=y
 CONFIG_ND_PFN=y
 CONFIG_NVDIMM_PFN=y
@@ -23,7 +22,6 @@ CONFIG_BLK_DEV=y
 CONFIG_BLK_DEV_PMEM=y
 CONFIG_BLK_DEV_RAM=y
 CONFIG_LIBNVDIMM=y
-CONFIG_ND_BLK=y
 CONFIG_BTT=y
 # FIXME: Should check if this is really needed
 # https://github.com/kata-containers/packaging/issues/483
diff --git a/tools/packaging/kernel/configs/fragments/s390/network.conf b/tools/packaging/kernel/configs/fragments/s390/network.conf
deleted file mode 100644
index f3f159705d..0000000000
--- a/tools/packaging/kernel/configs/fragments/s390/network.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Options needed by HAVE_EBPF_JIT
-CONFIG_PACK_STACK=y
diff --git a/tools/packaging/kernel/configs/fragments/x86_64/base.conf b/tools/packaging/kernel/configs/fragments/x86_64/base.conf
index 3734b51bd1..b26a788317 100644
--- a/tools/packaging/kernel/configs/fragments/x86_64/base.conf
+++ b/tools/packaging/kernel/configs/fragments/x86_64/base.conf
@@ -15,6 +15,7 @@ CONFIG_NR_CPUS=240
 # For security
 CONFIG_LEGACY_VSYSCALL_NONE=y
+CONFIG_SPECULATION_MITIGATIONS=y
 CONFIG_RETPOLINE=y
 # Boot directly into the uncompressed kernel
diff --git a/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf b/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf
index 32a43f2bbf..baa44878ac 100644
--- a/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf
+++ b/tools/packaging/kernel/configs/fragments/x86_64/sev/sev.conf
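Review bot: `CONFIG_SPECULATION_MITIGATIONS=y` is added with no comment, yet on the 5.19 kernel this commit moves to it is the menu that `CONFIG_RETPOLINE=y` on the next line sits under; without it the retpoline option is silently dropped from the merged config. Add `# Gate for the CPU mitigation options; CONFIG_RETPOLINE below depends on it` above the new line so the dependency survives a later cleanup. The fragment then names only RETPOLINE explicitly and leaves the other options under that gate (`CONFIG_PAGE_TABLE_ISOLATION=y`, `CONFIG_RETHUNK=y`, `CONFIG_CPU_UNRET_ENTRY=y` on 5.19) to olddefconfig defaults; listing them here under `# For security` makes the fragment authoritative instead of inheriting whatever the base config and kernel defaults happen to do.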
@@ -1,12 +1,9 @@ # AMD Secure Encrypted Virtualization (SEV) CONFIG_AMD_MEM_ENCRYPT=y -CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y -CONFIG_CRYPTO_DEV_SP_PSP=y -CONFIG_CRYPTO_DEV_CCP=y -CONFIG_SECURITYFS=y -CONFIG_VIRT_DRIVERS=y CONFIG_EFI=y CONFIG_EFI_SECRET=m +CONFIG_EFI_STUB=y CONFIG_MODULE_SIG=y -CONFIG_MODULES=y \ No newline at end of file +CONFIG_MODULES=y +CONFIG_VIRT_DRIVERS=y \ No newline at end of file diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version index 49541f7210..5595fa46c0 100644 --- a/tools/packaging/kernel/kata_config_version +++ b/tools/packaging/kernel/kata_config_version @@ -1 +1 @@ -94 +95 diff --git a/tools/packaging/kernel/patches/5.19.x/no_patches.txt b/tools/packaging/kernel/patches/5.19.x/no_patches.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/versions.yaml b/versions.yaml index eb67532934..164969397b 100644 --- a/versions.yaml +++ b/versions.yaml @@ -153,16 +153,16 @@ assets: kernel: description: "Linux kernel optimised for virtual machines" url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" - version: "v5.15.48" + version: "v5.19.2" tdx: description: "Linux kernel that supports TDX" url: "https://github.com/intel/linux-kernel-dcp/archive/refs/tags" tag: "SPR-BKC-PC-v9.6" + tarball: "SPR-BKC-PC-v9.6.tar.gz" sev: - description: "Linux kernel with efi_secret support" - url: "https://github.com/confidential-containers-demo/\ - linux/archive/refs/tags/" - tag: "efi-secret-v5.17-rc6" + description: "Linux kernel that supports SEV" + url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/" + version: "v5.19.2" kernel-experimental: description: "Linux kernel with virtio-fs support"
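Review bot: `CONFIG_MODULE_SIG=y` without `CONFIG_MODULE_SIG_FORCE=y` only taints the kernel when an unsigned module is loaded, and since `CONFIG_MODULES=y` is kept so efi_secret can be built as `m`, an SEV guest can still have arbitrary unsigned code loaded after launch, outside anything the launch measurement covered. Add `CONFIG_MODULE_SIG_FORCE=y` and `CONFIG_MODULE_SIG_ALL=y` so only modules signed by the build load (this needs the build to keep and use a signing key, which is outside this diff). Dropping `CONFIG_SECURITYFS=y` is safe only if EFI_SECRET still selects SECURITYFS on 5.19, which I believe it does but is worth confirming against drivers/virt/coco/efi_secret/Kconfig. The file also still ends without a newline after `CONFIG_VIRT_DRIVERS=y`; add one so the last option cannot fuse with whatever follows if fragments are ever concatenated.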
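Review bot: The new sev entry points `url` at kernel.org and sets `version: "v5.19.2"`, but kernel.org names its tarballs `linux-5.19.2.tar.gz` without the `v`, and get_tee_kernel composes `linux-${version}.tar.gz` from what it is handed; this resolves only if the caller strips the prefix before the fetch, which is not shown in this diff and is worth confirming with a build. Neither the sev nor the tdx entry records a digest, so nothing pins what the CDN or the GitHub archive endpoint returns for these TEE kernels; add a `sha256:` field next to `url`/`tarball` for each so the fetch step can verify it. tdx keeps `tag` while sev now uses `version`; a one-line comment such as `# version: upstream release (linux-<ver>.tar.gz); tag: fork tag, with tarball naming the archive` above the TEE entries would make the pair of keys self-explanatory.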