diff --git a/.github/workflows/kernel-apply-patch.sh b/.github/workflows/kernel-apply-patch.sh
new file mode 100755
index 0000000000..282f0fffdc
--- /dev/null
+++ b/.github/workflows/kernel-apply-patch.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+set -euo pipefail
+
+source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
+
+prepare_git_repo
+
+pushd "${SDK_OUTER_OVERLAY}"
+
+# trim the 3rd part in the input semver, e.g. from 5.4.1 to 5.4
+VERSION_SHORT=${VERSION_NEW%.*}
+VERSION_OLD=$(sed -n "s/^DIST patch-\(${VERSION_SHORT}\.[0-9]*\).*/\1/p" sys-kernel/coreos-sources/Manifest)
+if [[ -z "${VERSION_OLD}" ]]; then
+    VERSION_OLD=$(sed -n "s/^DIST linux-\(${VERSION_SHORT}*\).*/\1/p" sys-kernel/coreos-sources/Manifest)
+fi
+if [[ "${VERSION_NEW}" = "${VERSION_OLD}" ]]; then
+    echo "already the latest Kernel, nothing to do"
+    exit 0
+fi
+
+for pkg in sources modules kernel; do
+    pushd "sys-kernel/coreos-${pkg}"
+    git mv "coreos-${pkg}"-*.ebuild "coreos-${pkg}-${VERSION_NEW}.ebuild"
+    sed -i -e '/^COREOS_SOURCE_REVISION=/s/=.*/=""/' "coreos-${pkg}-${VERSION_NEW}.ebuild"
+    popd
+done
+
+popd
+
+function get_lwn_link() {
+    local LINUX_VERSION="${1}"; shift
+    local url
+
+    if ! curl -sfA 'Chrome' -L 'http://www.google.com/search?hl=en&q=site%3Alwn.net+linux+'"${LINUX_VERSION}" -o search.html >&2; then
+        echo 'curl failed' >&2
+        touch search.html
+    fi
+    # can't use grep -m 1 -o … to replace head -n 1, because all the links
+    # seem to happen in one line, so grep prints all the links in the line
+    url=$({ grep -o 'https://lwn.net/Articles/[0-9]\+' search.html || true ; } | head -n 1)
+    if [[ ! "${url}" ]]; then
+        echo 'no valid links found in the search result' >&2
+        url="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tag/?h=v${LINUX_VERSION}"
+    fi
+    rm search.html
+    echo "${url}"
+}
+
+PATCH_VERSION_OLD=${VERSION_OLD##*.}
+PATCH_VERSION_NEW=${VERSION_NEW##*.}
+
+PATCH_NUM=$((PATCH_VERSION_NEW - 1))
+
+OLD_VERSIONS_AND_URLS=()
+
+while [[ ${PATCH_NUM} -gt ${PATCH_VERSION_OLD} ]]; do
+    TMP_VERSION="${VERSION_SHORT}.${PATCH_NUM}"
+    TMP_URL=$(get_lwn_link "${TMP_VERSION}")
+    OLD_VERSIONS_AND_URLS+=( "${TMP_VERSION}" "${TMP_URL}" )
+    : $((PATCH_NUM--))
+done
+
+URL=$(get_lwn_link "${VERSION_NEW}")
+
+generate_update_changelog 'Linux' "${VERSION_NEW}" "${URL}" 'linux' "${OLD_VERSIONS_AND_URLS[@]}"
+
+commit_changes sys-kernel/coreos-sources "${VERSION_OLD}" "${VERSION_NEW}" \
+               sys-kernel/coreos-modules \
+               sys-kernel/coreos-kernel
+
+cleanup_repo
+
+echo "VERSION_OLD=${VERSION_OLD}" >>"${GITHUB_OUTPUT}"
+echo 'UPDATE_NEEDED=1' >>"${GITHUB_OUTPUT}"
diff --git a/.github/workflows/kernel-current-major-version.sh b/.github/workflows/kernel-current-major-version.sh
new file mode 100755
index 0000000000..a159b16f73
--- /dev/null
+++ b/.github/workflows/kernel-current-major-version.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -euo pipefail
+
+source "${GHA_SCRIPTS_DIR}/.github/workflows/common.sh"
+
+pushd "${SDK_OUTER_OVERLAY}"
+
+KV=$(git ls-files 'sys-kernel/coreos-kernel/*ebuild' | head -n 1 | cut -d '-' -f 5- | cut -d . -f 1-2)
+REMOTE='https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git'
+kernelVersion=$(git ls-remote --tags "${REMOTE}" | cut -f2 | sed -n "/refs\/tags\/v${KV}\.[0-9]*$/s/^refs\/tags\/v//p" | sort -ruV | head -1)
+
+popd
+
+echo "KERNEL_VERSION=${kernelVersion}" >>"${GITHUB_OUTPUT}"
diff --git a/.github/workflows/kernel-release.yaml b/.github/workflows/kernel-release.yaml
new file mode 100644
index 0000000000..1c1f973c80
--- /dev/null
+++ b/.github/workflows/kernel-release.yaml
@@ -0,0 +1,68 @@
+name: Get the latest Kernel release for all maintained branches
+on:
+  schedule:
+    - cron:  '0 7 * * *'
+  workflow_dispatch:
+
+jobs:
+  get-kernel-release:
+    strategy:
+      matrix:
+        channel: [main,alpha,beta,stable,lts,lts-old]
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out main scripts branch for GitHub workflow scripts only
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: gha
+          ref: main
+      - name: Figure out branch
+        id: figure-out-branch
+        run: gha/.github/workflows/figure-out-branch.sh '${{ matrix.channel }}'
+      - name: Check out work scripts branch for updating
+        if: steps.figure-out-branch.outputs.SKIP == 0
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: work
+          ref: ${{ steps.figure-out-branch.outputs.BRANCH }}
+      - name: Figure out latest Linux release version
+        if: steps.figure-out-branch.outputs.SKIP == 0
+        id: kernel-latest-release
+        env:
+          GHA_SCRIPTS_DIR: "${{ github.workspace }}/gha"
+          WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
+        run: gha/.github/workflows/kernel-current-major-version.sh
+      - name: Set up Flatcar SDK
+        if: steps.figure-out-branch.outputs.SKIP == 0
+        id: setup-flatcar-sdk
+        env:
+          WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
+          CHANNEL: ${{ steps.figure-out-branch.outputs.LABEL }}
+          # This will be empty for the main channel, but we handle
+          # this case inside setup-flatcar-sdk.sh.
+          MIRROR_LINK: ${{ steps.figure-out-branch.outputs.LINK }}
+        run: gha/.github/workflows/setup-flatcar-sdk.sh
+      - name: Apply patch
+        if: steps.figure-out-branch.outputs.SKIP == 0
+        id: apply-patch
+        env:
+          GHA_SCRIPTS_DIR: "${{ github.workspace }}/gha"
+          WORK_SCRIPTS_DIR: "${{ github.workspace }}/work"
+          VERSION_NEW: ${{ steps.kernel-latest-release.outputs.KERNEL_VERSION }}
+          PACKAGES_CONTAINER: ${{ steps.setup-flatcar-sdk.outputs.PACKAGES_CONTAINER }}
+          SDK_NAME: ${{ steps.setup-flatcar-sdk.outputs.SDK_NAME }}
+        run: gha/.github/workflows/kernel-apply-patch.sh
+      - name: Create pull request
+        if: (steps.figure-out-branch.outputs.SKIP == 0) && (steps.apply-patch.outputs.UPDATE_NEEDED == 1)
+        uses: peter-evans/create-pull-request@v5
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          path: work
+          branch: "linux-${{ steps.kernel-latest-release.outputs.KERNEL_VERSION }}-${{ steps.figure-out-branch.outputs.BRANCH }}"
+          base: ${{ steps.figure-out-branch.outputs.BRANCH }}
+          title: Upgrade Linux Kernel for ${{ steps.figure-out-branch.outputs.BRANCH }} from ${{ steps.apply-patch.outputs.VERSION_OLD }} to ${{ steps.kernel-latest-release.outputs.KERNEL_VERSION }}
+          body: Subject says it all.
+          labels: ${{ steps.figure-out-branch.outputs.LABEL }}