diff --git a/evolinux-base/tasks/kernel.yml b/evolinux-base/tasks/kernel.yml
index b9b8c99c..9dc66c42 100644
--- a/evolinux-base/tasks/kernel.yml
+++ b/evolinux-base/tasks/kernel.yml
@@ -50,36 +50,17 @@
 reload: yes
 when: evolinux_kernel_cve20165696
 
-- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
+- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
 sysctl:
- name: net.ipv4.ipfrag_low_thresh
- value: 196608
- sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
- state: present
- reload: yes
-
-- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
- sysctl:
- name: net.ipv6.ip6frag_low_thresh
- value: 196608
- sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
- state: present
- reload: yes
-
-- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
- sysctl:
- name: net.ipv4.ipfrag_high_thresh
- value: 262144
- sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
- state: present
- reload: yes
-
-- name: Patch for TCP stack vulnerabiliy CVE-2018-5391 (FragmentSmack)
- sysctl:
- name: net.ipv6.ip6frag_high_thresh
- value: 262144
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
 sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
 state: present
 reload: yes
+ with_items:
+ - { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
+ - { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
+ - { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }
+ - { name: "net.ipv6.ip6frag_high_thresh", value: 262144 }
 
 - meta: flush_handlers
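Review bot: The order of the entries in the new `with_items` list is load-bearing, but nothing in the task says so. As far as I know the kernel bounds each fragment threshold by its counterpart (a high threshold cannot be written below the current low one), so each `*_low_thresh` entry has to be applied before the matching `*_high_thresh` entry, as it is here. A later reordering that puts a high threshold first could make the sysctl write fail and leave the CVE-2018-5391 mitigation only partly applied. I would add a comment above the list such as `# Order matters: lower each low threshold before its high threshold.` Separately, this task remains unconditional while the task just above it is gated by `when: evolinux_kernel_cve20165696`; if that is intentional it is worth saying so in a comment, otherwise a matching toggle variable would keep the two mitigations consistent.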