Tech Support
Documentation
Login
Contact Us
TuxCare’s Upcoming Webinars: STIG Security 101 [Sept 18th] & When Spring Ends: How to Securely Work with End-of-Life Spring Projects [Sept 19th]
The Live Patching Process
How does TuxCare’s KernelCare deploy vulnerability patches
without reboots or downtime?
We Monitor New Vulnerabilities
Our team is always on the lookout. As soon as a new vulnerability affecting a
Linux kernel is announced, we immediately get to work on a patch
then…
-
We Create the Patch
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
-
We Prepare the Patch for Deployment
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
-
You Receive the Patch
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel – a process that can be automated.
-
KernelCare Applies the Patch
The patch is passed to the KCE kernel module, which – in a matter of nanoseconds – pauses all processes, loads the updated binary into the secure kernel space, redirects all functions to the updated code – and the kernel resumes. Because this happens in nanoseconds, no processes are interrupted, and no failover condition is ever triggered.
Ready to say goodbye to patching-related
downtime and maintenance windows?
