How KernelCare Works

What is a kernel?

A kernel is a computer program that runs at the core of a computer’s operating system. It connects the user space (the software a user can access) to the hardware of the computer through a protected area of memory. This area is one of the first things to start when a computer boots up and is kept separate from the user space to prevent files from being overwritten or tampered with, which could lead to slower performance or crashes.

The kernel is in charge of executing processes and handling interrupts such as memory and file management or I/O (input/output) management. Such an important part of your computer requires patches from time to time to stay secure and remain high-performing. Prior to KernelCare, these updates would require you to manually stop your server and computer services in order to update the kernel and then perform a full reboot, costing you valuable time and energy.

A server reboot can take 15 minutes or more to finish, which means either rebooting your servers in the middle of the night (if you’re small enough) or scheduling server downtime that would hopefully not impact your clients too much. Either way, someone is not going to be happy, which is why the CloudLinux team created KernelCare. It automatically patches kernel security vulnerabilities without rebooting, which means no more service interruptions for you or your clients.

Patching the kernels

A patch is a fix to the original code that changes or replaces vulnerable code with a more secure version. A patch can be anything from a single line of code to entire data structure changes.

The KernelCare team is constantly monitoring security mailing lists to check for vulnerabilities. As soon as one is found, they prepare a patch and send it to their distribution servers. An agent runs a process on your server that checks with the distribution servers every 4 hours until it finds a new patch, then safely applies it to the running kernel without needing to stop it.

A special kernel module is used to apply the patches. It first loads the update into the kernel address space, then places relocations on the original code/data to make sure the code block doesn’t execute during the update. Once finished, it safely switches the execution path from the original to the updated code and then makes sure the old code will never run again.

KernelCare does all of this instantly, automatically, and without service interruptions – you won’t even notice the update taking place.
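The switch-then-retire sequence described above can be modelled in user space. This is an added example, not KernelCare's code: the function names, the length check and the in-flight counter are all hypothetical, and a real kernel module redirects execution inside the kernel rather than through a function pointer.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

typedef bool (*len_check_fn)(size_t len);

/* Constructed "original" function with a flaw: it accepts any length. */
static bool len_ok_v1(size_t len) { (void)len; return true; }
/* Constructed replacement carrying the fix: lengths above 64 are rejected. */
static bool len_ok_v2(size_t len) { return len <= 64; }

static _Atomic(len_check_fn) active = len_ok_v1; /* current execution path */
static atomic_int in_flight;                     /* calls entered and not yet returned */

/* A call pins whichever body is active at entry and keeps it until it returns. */
len_check_fn call_begin(void) {
    atomic_fetch_add(&in_flight, 1);
    return atomic_load(&active);
}
void call_end(void) { atomic_fetch_sub(&in_flight, 1); }

/* What ordinary callers use. */
bool len_ok(size_t len) {
    len_check_fn body = call_begin();
    bool ok = body(len);
    call_end();
    return ok;
}

/* Switch the execution path in one atomic step; returns the old body. */
len_check_fn livepatch_switch(len_check_fn replacement) {
    return atomic_exchange(&active, replacement);
}

/* The old body can be discarded only once every call that might have
 * pinned it has returned. */
bool old_code_quiesced(void) { return atomic_load(&in_flight) == 0; }

int main(void) {
    len_check_fn pinned = call_begin();              /* call entered before the patch */
    len_check_fn old = livepatch_switch(len_ok_v2);  /* new calls now reach v2 */
    bool busy = !old_code_quiesced();                /* old body still in use */
    bool stale = pinned(1000);                       /* in-flight call finishes on v1 */
    call_end();
    bool ok = busy && stale && old == pinned && old_code_quiesced() && !len_ok(1000);
    return ok ? 0 : 1;
}
```

The model shows why the switch and the retirement of the old code are separate steps: a call that entered before the switch still completes on the original body, so the old code cannot be treated as gone until in-flight calls have drained.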


For more information about KernelCare, make sure to visit our KernelCare page or contact our support team by opening a ticket or through our live chat feature.
