The 2023 Deep Dive into Linux Kernel Updates

Maintaining a secure and reliable system requires constant attention to the latest Linux kernel updates on the system administrator’s task list. Updates to the Linux kernel offer necessary security patches, performance improvements, and bug fixes to keep your system operating correctly. 

Reliable, efficient IT depends on repeatable processes that run like clockwork – it doesn’t make sense to change practices all the time, but key policies still need to be refreshed every now and again to keep up with changes in the technology – and the cybersecurity landscape.

Kernel patching is one of these processes – and often, organizations decide not to mess with a patching policy that looks like it works. Worse, sometimes kernel patching is seen as an arcane sysadmin job – never given much thought by anyone outside of the Linux fans in the company.

Yet kernel patching really matters, given how Linux kernel vulnerabilities keep emerging every month. Just one unpatched kernel vulnerability can lead to disaster, as malicious actors take advantage of an inefficient or ineffective patching regime.

For example, patches often require a reboot to be effective, and the waiting periods between reboot cycles can allow malicious actors to exploit a vulnerability. Rather than leave patching open to scheduled gaps, tech teams should consider adopting a different route to patching.

In this article, we outline what the Linux kernel is, why Linux kernel updates are so important – and explain why Linux kernel live patching is critical to boosting your cybersecurity efforts.

Understanding What a Kernel Is

A kernel sits at the core of any modern operating system (OS), acting as a bridge between the physical computer hardware and the applications running on the operating system. Applications typically do not control computer hardware directly – instead, the operating system facilitates this communication.

The kernel is the core part of the operating system that loads at bootup and manages low-level operations, such as memory management and scheduling of processor tasks. Any higher-level functions in the operating system are always managed and actioned by the OS kernel.

In simple words, the kernel is like the boss of your computer, which helps all the parts work together and keeps everything running smoothly. 

Every OS kernel has a slightly different role, and kernels can be divided roughly into five different types:

• Monolithic Kernel: A monolithic kernel is where a large chunk of OS functionality is packaged inside a single unit – including device drivers, memory management, task schedulers, and so forth. Monolithic kernels are used in environments using large servers or where a server is dedicated to a specific job.

• Microkernel: Microkernels are much slimmer in nature and only consist of the absolute minimum code to enable memory management, scheduling, and communications amongst processes. It minimizes the amount of memory the kernel needs – and this type of kernel is typical in a real-time system.

• Hybrid Kernel: A hybrid kernel blends features of the monolithic kernel and the microkernel – it is larger in footprint and in memory consumption than a microkernel, but it is essentially a slimmed-down version of a monolithic kernel – say with device drivers removed, but still keeping key OS services within the kernel. It’s typical of modern-day desktop kernels such as Windows and OS X, as well as versatile server kernels, including Linux.

• Nanokernel: Nano kernels are extremely stripped-down versions of kernels, essentially only offering hardware abstraction through a minimal kernel space – think about a virtualization hypervisor, for example.

• Exo Kernel: Exo kernels are essentially academic in nature, offering resource protection alone, and are mostly used where specific access is required for hardware.

No matter what type of kernel is in use – kernels are always at the core of an OS, and as such, a kernel offers malicious actors a unique, attractive target. An attacker that can compromise an OS kernel can gain wide access to systems.

What is a Kernel Update – and Why Is It so Important?

Linux kernel updates enhance the stability and security of the operating system because developers are constantly identifying and fixing problems or vulnerabilities that could be used by attackers. Users can protect their systems from potential security breaches and ensure their data remains secure by applying kernel updates. 

It’s clear that the Linux kernel is central to the Linux operating system – and, by consequence, central to many of the most common server operating systems used every day. Think everything from Red Hat Enterprise Linux to free Linux distros such as Ubuntu and Debian. 

Linux-based operating systems are widely utilized for enterprise workloads worldwide, relying on a secure, dependable, and current Linux kernel. Over time, Linux developers update the kernel by adding new features. But another important role of Linux kernel developers is patching security vulnerabilities.

These patches are released at regular intervals, but patching procedures that allow for – say – delays in reboots will mean that patches are not applied as soon as a patch is released for a vulnerability. In other words, a lacking patching regime will imply that workloads are at more risk for longer than they need to be.

Introduction to Linux Kernel Patching

While Linux started as a project by a single individual, it has evolved into one of the most important OS kernels – serving everyone from desktop users right through to critical enterprise applications.

After thirty years of development, Linux has reached the point where it is an extremely stable OS kernel, but it nonetheless contains bugs and vulnerabilities. After all, with twenty million lines of code, there will be some human errors in there.

Many of these vulnerabilities will rapidly become public simply because the Linux kernel is open source, in other words, the public has full access to the Linux kernel source code. As a consequence, malicious actors also have access to Linux kernel source code – and the visible flaws and vulnerabilities. In turn, breaching a single Linux server can lead to countless opportunities – leaving hundreds of enterprise clients vulnerable to an attack.

It’s not hard to see then that Linux OS vendors are always trying to keep abreast of the latest discoveries of vulnerabilities, and one of the ways to respond to a newly discovered vulnerability is of course through patching that vulnerability.

The trouble is that the flaws keep coming: month in, month out new flaws are discovered – sometimes in very old Linux kernel code. In fact, hundreds of Linux kernel vulnerabilities are discovered every year, and these all need patches – and every patch needs to be installed.

From a sysadmin perspective, the sheer workload can become infuriating – with patch after patch surfacing. Worse, many patches require a server reboot. Constantly disrupting services to install a patch is simply not a realistic prospect.

Systems administrators, therefore, often take the view that patching can simply wait until there is a sufficient number of outstanding patches to warrant a disruptive server reboot – but this leaves a wide window of vulnerability as some patches are left unapplied for an extended period.

Understanding the Difference Between Updating and Upgrading

One point that’s worth clarifying is the difference between updating the Linux kernel and upgrading the Linux kernel.

Let’s look at upgrades first. We know that technology moves forward – new capabilities are rolled out all the time with new features and benefits. Often these new features are wrapped in a package that constitutes a major move forward – and that would be called an OS upgrade.

Thus, it is a component of a system upgrade process that may also involve switching to a new major release of the Linux distribution and implementing important changes, new features, and enhancements throughout the entire operating system.

In contrast, an OS update is intended to fix issues – either there is a broken feature or the developer of the OS discovered a security vulnerability that needed remediation. The more urgent – and more compact – nature of updates means that these are released more frequently than upgrades.

When installing Linux kernel updates, the current kernel will be replaced with a newer one that brings bug fixes, security patches, and possibly some additional features. The update only affects the kernel component; the user’s installed applications and system preferences are untouched. 

However, updates can still be disruptive to install and are therefore not always installed upon release.

How Frequently Are Linux Kernel Updates Released?

Linux kernel updates are released at a high frequency – in part due to the fact that Linux kernel vulnerabilities are continuously discovered right through the year. It’s not a matter of quarterly or annual updates – it’s more frequent than that.

Where a vulnerability is discovered, Linux kernel security updates – or patches – will likely be released almost immediately. In other words, Linux updates are issued at unpredictable intervals. It makes it difficult to plan for system updates – and the associated disruption.

Nonetheless, updates need to be applied sooner rather than later, as regular patching is often required by compliance obligations – and by service level agreements.

The latest Linux kernel version is 6.3.4, a non-LTS series, which is expected to reach end of life at the end of July, whereas the final release of the upcoming Linux kernel 6.4 is projected to be released in July.

How to Check Linux Kernel Updates?

To check the current Linux kernel version on your system, you can run this command.

$ uname -r

Output:

Linux 5.15.0-53-generic

Here, 5.15.0 is the kernel version and 53 is the patch number.

Do Updates Get Applied Automatically to Linux?

Many operating systems self-update – think about those regular, frustrating Windows restarts for example. Linux does not automatically update – but you can set a scheduler to ensure that Linux is automatically updated using your Linux OS platform maintainer – some Linux vendors have packages that facilitate unattended updates.

Without automatic updates, a Linux-based OS such as Ubuntu or CentOS can quickly become outdated – with key vulnerabilities left unpatched. Sysadmins can install Linux kernel updates on a regular schedule – but often fail to do so due to a lack of time and resources, or simply because they want to avoid the associated disruption.

There is an alternative in terms of automated patching – and in particular, automated patching that is completed without reboots. It’s called live patching, but we will cover this in a later section.

Five Poor Reasons to Update Your Linux Kernel

So we know that Linux kernel updates are resource intensive and disruptive. Not every kernel update is the same, however – so it’s worth considering whether a kernel update is really necessary. Some of the reasons that have limited validity include:

• Purely to improve stability as the Linux kernel is already incredibly stable, and you should closely evaluate any promised stability improvements before installing an update that promises a small increase in stability – or an increase in stability in an edge case.

• Driver updates are also not a good reason to update the kernel, as you may well find that the driver update is not applied to hardware in use in your installation of Linux or doesn’t provide enough of a tangible benefit to offset the downtime for installation.

• Additional functionality is another reason why you may want to think twice about a kernel update. It’s worth considering whether that functionality is really necessary – and whether the software you use will really require that functionality anytime soon.

• Faster performance, while always useful, is not necessarily a reason to upgrade your kernel, particularly where these performance enhancements are really incremental in nature.

• Where downtime is significant, you should also pause on non-critical kernel upgrades and think twice about whether the upgrade will really bring benefits to your workload.

In other words, kernel upgrades are not universally desirable – or universally urgent. But there is a type of kernel upgrade that is far more urgent – and which is almost always a good reason to update your Linux instance.

A Good Reason to Update Your Linux Kernel

Security vulnerabilities are without a shadow of a doubt a good reason to update your Linux kernel. These flaws can be exploited at great cost to you – each unpatched, unfixed vulnerability acts as an open door to hackers who can take advantage to disrupt and steal from you. Furthermore, unpatched vulnerabilities will leave you non-compliant and potentially in breach of contract.

So you need to keep your Linux servers secure by updating, but it can be challenging to do so both in terms of resources – and in terms of the disruption associated with server updates. Thankfully, there is a solution – live Linux kernel update without rebooting.

Live Linux Kernel Update without Reboot

Updating the Linux kernel can be time-consuming and tedious and even more so given the frequency of updates that the ever-growing number of Linux kernel vulnerabilities requires. But live kernel patching takes away the frustrating aspects of updating the Linux kernel – by removing the need to update manually, and by removing the requirement to reboot a server once the kernel update is applied.

In other words, live patching means that you can update your Linux servers automatically without manual intervention. And you can do so without stopping and restarting a live, active server – so there’s no need to interrupt your workload to apply an update.

Live Patching Tool for Linux Kernels

Live patching comes in a few different guises. First, you can use administered live patching where you apply the live patching yourself. Fully automatic live patching implies that patches are applied upon release – and done so automatically, without the need for you to intervene.

Ideally, you want fully automatic live patching with the multi-platform capability to ensure that you patch broadly – and across your technology estate. This is what TuxCare’s KernelCare Enterprise delivers – an end-to-end live patching solution that doesn’t require reboots, and which automates vulnerability patching across a wide range of popular enterprise Linux distributions, shared libraries, databases, IoT devices, and virtual machines – effortlessly.

This more persistent way of patching ensures not just that your servers remain secure, but also keeps your Linux server running in optimal shape.

You Need to Patch – and Live Patching is the Most Realistic Option

A lack of consistent patching is something that may never catch up to you – after all, it’s easy to say that you’ve never been hacked and therefore don’t need to worry too much about patching. But this can change rapidly with just one successful attack.

Patching is critical in today’s cybersecurity environment – the automated, persistent attacks by today’s hackers mean that any unpatched vulnerability is open season. Linux won’t patch itself, and manual patching is resource intensive.

Instead, consider effortless, rebootless automated patching from TuxCare – and ensure that your Linux kernels are always protected against known vulnerabilities.

Now that you know the importance of Linux kernel updates and live kernel patching, find out how KernelCare’s live patching works.

Summary

Article Name

The 2023 Deep Dive to Linux Kernel Updates

Description

Let's outline why Linux kernel updates are so important – and explain why live patching is critical to boosting your cybersecurity efforts.

Author

Rohan Timalsina

Publisher Name

TuxCare

Publisher Logo