Linux Kernel Live Patching is a feature of the Linux kernel that allows users to apply patches to the kernel software without having to recompile the kernel. This feature is useful for security researchers who want to patch the kernel in order to fix security issues. The Linux Kernel Live Patching feature was first introduced in version 3.0 of the Linux kernel. The purpose of this feature is to make it easier for users to apply patches to the kernel, as well as to improve the security of the kernel. There are a few different ways that you can use Linux Kernel Live Patching. You can use it to apply patches directly to the kernel, or you can use it to apply patches through a package manager such as aptitude or synaptic. You can also use it in combination with other features of the Linux kernel, such as CONFIG_SYSV_POSIX_ACL and CONFIG_SYSV_POSIX_CHECKSums. Linux Kernel Live Patching is an important feature of the Linux kernel, and it should be used carefully when applying patches because it can cause some aspects of the kernel software to not work correctly.


Applying critical security updates is important to keeping your Linux server safe from potential attackers, but it can cause downtime, which isn’t good either. Live kernel patching can apply important kernel updates without taking your server offline.

What Is Live Kernel Patching?

Before live kernel patching, system administrators needed to choose between keeping their server on or applying security updates. This is obviously not ideal, so in 2008 Jeff Arnold at MIT created KSplice, a tool that could apply updates by taking a binary diff and applying patches to the running kernel in memory.

This requires writing a custom patch for each update, so it’s only reserved for critical security vulnerabilities that need quick fixes, not regular everyday updates. But, when the need arises, this simple solution offers a way to apply those fixes without affecting server uptime.

In reality, live kernel patching is a bit less useful than it may seem. If you care about server uptime, you likely also need to meet some sort of SLA or have a critical service to keep running. In a high-availability network, any single server should theoretically be able to spontaneously combust without affecting the uptime of the application. Ideally, you should have two or more servers behind load balancers, and if you have more than one server, they can be updated one at a time without greatly affecting service availability, though you might be at 50% load capacity for a short while.


With that considered, live kernel patching is usually done automatically once a new patch is available. By turning live patching on, your system should stay up to date automatically, and you won’t have to have someone orchestrate a rolling server update with potential downtime. This is a huge upside for most system administrators.

Downsides of Live Patching

Live kernel patching is still pretty complicated to do—patches must be written by experts, for each system, and it’s only reserved for important security patches. Even then, there is no guarantee that a patch won’t crash your system. Ubuntu manages this risk by rolling the patches out slowly to a few users at a time, while monitoring for crashes.

Live kernel patching also can’t do everything—it can only be applied to small and specific portions of kernel code, and it can’t be used for any major updates that affect multiple components or change data structures.

Who Supports Live Patching?

Unfortunately, the original KSplice program is no longer open source, after being acquired by Oracle in 2011 for integration into Oracle Linux.

With KSplice going closed source, many other companies in the Linux server space developed their own version. Because patches need to be custom written and tested per system, maintaining a single open-source “Live Kernel Patcher” is very hard.

Ubuntu has Canonical Livepatch. It’s free for up to three machines, after which you’ll need an Ubuntu Advantage subscription for each machine.
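Whichever vendor service applies the patches, the kernel itself exposes what is currently loaded through its livepatch sysfs interface (`/sys/kernel/livepatch/<patch>/enabled` and `/sys/kernel/livepatch/<patch>/transition`), which is the place to verify that a patch actually took effect and that the kernel has finished moving tasks onto the patched code. The script below is an added example, not part of the article or of any vendor’s tooling; the `livepatch_report` and `livepatch_stuck` function names are mine, and the patch-module names in the constructed sample tree are placeholders so that the script runs without a live-patched kernel. On a real host you would call the functions with no argument (or with `/sys/kernel/livepatch`).

```shell
#!/bin/sh
# Added example (not from the article): inspect kernel live patches via the
# kernel's sysfs interface. Each loaded live-patch module gets a directory under
# /sys/kernel/livepatch with an "enabled" flag (1/0) and a "transition" flag
# that stays 1 while the kernel is still migrating tasks onto the patched code.
# The root path is a parameter so the functions can run against a constructed
# fake tree as well as the real sysfs on a live-patched host.

# livepatch_report [ROOT] -> one line per patch: "<name> enabled=<0|1> transition=<0|1>"
livepatch_report() {
    root="${1:-/sys/kernel/livepatch}"
    if [ ! -d "$root" ]; then
        echo "no livepatch sysfs at $root (kernel lacks CONFIG_LIVEPATCH or no patch loaded)"
        return 1
    fi
    found=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue          # unmatched glob stays literal; skip it
        found=1
        name=$(basename "$dir")
        enabled=$(cat "$dir/enabled" 2>/dev/null || echo "?")
        transition=$(cat "$dir/transition" 2>/dev/null || echo "?")
        echo "$name enabled=$enabled transition=$transition"
    done
    [ "$found" -eq 1 ] || echo "no live patches loaded under $root"
}

# livepatch_stuck [ROOT] -> returns 0 if any patch is still in transition, 1 otherwise
livepatch_stuck() {
    root="${1:-/sys/kernel/livepatch}"
    for dir in "$root"/*/; do
        [ -f "$dir/transition" ] || continue
        if [ "$(cat "$dir/transition")" = "1" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed sample tree (placeholder patch names) mimicking two loaded patch
# modules, one of which has not finished its transition.
make_sample_tree() {
    root="${1:?usage: make_sample_tree DIR}"
    mkdir -p "$root/livepatch_sample_ok" "$root/livepatch_sample_pending"
    echo 1 > "$root/livepatch_sample_ok/enabled"
    echo 0 > "$root/livepatch_sample_ok/transition"
    echo 1 > "$root/livepatch_sample_pending/enabled"
    echo 1 > "$root/livepatch_sample_pending/transition"
}

# Demo against the fake tree; on a real host use: livepatch_report /sys/kernel/livepatch
sample=$(mktemp -d)
make_sample_tree "$sample/livepatch"
livepatch_report "$sample/livepatch"
if livepatch_stuck "$sample/livepatch"; then
    echo "WARNING: a live patch has not finished its transition; some tasks are still on old code"
fi
rm -rf "$sample"
```

A patch that sits in `transition=1` for a long time means some task has not yet been migrated (it is sleeping inside a patched function), so the vulnerable code is still reachable from that task; that is the state a monitoring check should flag after an automatic rollout.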
