As soon as a new vulnerability affecting a Linux kernel is announced,
the TuxCare team immediately gets to work on a live patch.
We create code that patches insecure kernel code with a secure but functionally equivalent replacement.
We compile every patch that impacts the affected kernel and deploy it to our distribution servers.
A KernelCare process running on your server checks our distribution servers every 4 hours. If a new patch is available, it can then be downloaded and applied to your running kernel.
The KCE kernel module – in a matter of nanoseconds – loads the updated binary into the secure kernel space and redirects all functions to the updated code – and the kernel resumes.
The LibCare add-on delivers automated, non-disruptive security patches to shared libraries like glibc and OpenSSL.