diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml
index 4c6fc9bc0..14503a2fe 100644
--- a/.github/workflows/stackhpc-build-kayobe-image.yml
+++ b/.github/workflows/stackhpc-build-kayobe-image.yml
@@ -42,7 +42,7 @@ jobs:
   build-kayobe-image:
     name: Build kayobe image
     if: inputs.if || github.repository == 'stackhpc/stackhpc-kayobe-config' && github.event_name == 'push'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     permissions:
       contents: read
       packages: write
diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml
index f5cfb90de..aba6bacb7 100644
--- a/.github/workflows/stackhpc-pull-request.yml
+++ b/.github/workflows/stackhpc-pull-request.yml
@@ -13,7 +13,7 @@ jobs:
   # would skip the workflow entirely, and would prevent us from making the
   # aio jobs required to pass (a skip counts as a pass).
   check-changes:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     permissions:
       pull-requests: read
     name: Check changed files
diff --git a/releasenotes/notes/neutron-cve-37a7821967a36779.yaml b/releasenotes/notes/neutron-cve-37a7821967a36779.yaml
new file mode 100644
index 000000000..0b179c127
--- /dev/null
+++ b/releasenotes/notes/neutron-cve-37a7821967a36779.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Updated Neutron container image tags to fix CVE-2024-53916. See `#2037002
+    <https://bugs.launchpad.net/neutron/+bug/2037002>`__ for more
+    details.