Check the status of CVEs. Learn More.
Not sure what live patching is or how it works? Check out this comprehensive guide.
How does TuxCare’s KernelCare deploy vulnerability patches
without reboots or downtime?
Our team is always on the lookout. As soon as a new vulnerability affecting a
Linux kernel is announced, we immediately get to work on a patch.
then…
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel – a process that can be automated.
The patch is passed to the KCE kernel module, which – in a matter of nanoseconds – pauses all processes, loads the updated binary into the secure kernel space, redirects all functions to the updated code – and the kernel resumes. Because this happens in nanoseconds, no processes are interrupted, and no failover condition is ever triggered.