diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
index 0cafce3f7044..822776610ad6 100755
--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@@ -357,9 +357,9 @@ install_image() {
 	if [ "${variant}" == "confidential" ]; then
 		# For the confidential image we depend on the kernel built in order to ensure that
 		# measured boot is used
-		latest_artefacts+="-$(get_latest_kernel_confidential_artefact_and_builder_image_version)"
-		latest_artefacts+="-$(get_latest_coco_guest_components_artefact_and_builder_image_version)"
-		latest_artefacts+="-$(get_latest_pause_image_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_kernel_confidential_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_coco_guest_components_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_pause_image_artefact_and_builder_image_version)"
 	fi
 
 	latest_builder_image=""
@@ -432,9 +432,9 @@ install_initrd() {
 	if [ "${variant}" == "confidential" ]; then
 		# For the confidential initrd we depend on the kernel built in order to ensure that
 		# measured boot is used
-		latest_artefacts+="-$(get_latest_kernel_confidential_artefact_and_builder_image_version)"
-		latest_artefacts+="-$(get_latest_coco_guest_components_artefact_and_builder_image_version)"
-		latest_artefacts+="-$(get_latest_pause_image_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_kernel_confidential_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_coco_guest_components_artefact_and_builder_image_version)"
+		latest_artefact+="-$(get_latest_pause_image_artefact_and_builder_image_version)"
 	fi
 
 	latest_builder_image=""
diff --git a/tools/packaging/kernel/configs/fragments/common/fs.conf b/tools/packaging/kernel/configs/fragments/common/fs.conf
index 8ff5573c1784..fb88065c64d3 100644
--- a/tools/packaging/kernel/configs/fragments/common/fs.conf
+++ b/tools/packaging/kernel/configs/fragments/common/fs.conf
@@ -9,6 +9,8 @@ CONFIG_BLK_DEV_THROTTLING=y
 CONFIG_BLK_DEV_LOOP=y
 CONFIG_BLK_DEV_BSG=y
 CONFIG_BLK_DEV_SD=y
+# Required in v6.8+ to use mounted loop devices
+CONFIG_BLK_DEV_WRITE_MOUNTED=y
 
 # support initial ramdisk
 CONFIG_RD_GZIP=y
diff --git a/tools/packaging/kernel/configs/fragments/whitelist.conf b/tools/packaging/kernel/configs/fragments/whitelist.conf
index 94e922df6893..2ddf89e98c89 100644
--- a/tools/packaging/kernel/configs/fragments/whitelist.conf
+++ b/tools/packaging/kernel/configs/fragments/whitelist.conf
@@ -38,3 +38,4 @@ CONFIG_PAGE_TABLE_ISOLATION
 CONFIG_MITIGATION_PAGE_TABLE_ISOLATION
 CONFIG_VFIO_AP
 CONFIG_VFIO_MDEV
+CONFIG_BLK_DEV_WRITE_MOUNTED
diff --git a/tools/packaging/kernel/kata_config_version b/tools/packaging/kernel/kata_config_version
index 878d5a02b2bd..c748b568f766 100644
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@@ -1 +1 @@
-146
+147
diff --git a/versions.yaml b/versions.yaml
index 28b632758038..a566edc0e361 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -191,11 +191,11 @@ assets:
   kernel:
     description: "Linux kernel optimised for virtual machines"
     url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-    version: "v6.12.8"
+    version: "v6.12.13"
     confidential:
       description: "Linux kernel with x86_64 TEEs (SEV, SNP, and TDX) support"
       url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
-      version: "v6.12.8"
+      version: "v6.12.13"
 
   kernel-arm-experimental:
     description: "Linux kernel with cpu/mem hotplug support on arm64"
@@ -228,7 +228,7 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "3df6c412059f29127715c3fdbac9fa41f56cfce4"
+    version: "514c561d933cb11a0f1628621a0b930157af76cd"
     toolchain: "1.80.0"
 
   coco-trustee: