How KernelCare Works

What is a kernel?

A kernel is a computer program that runs at the core of a computer’s operating system. It connects the user space (the software a user can access) to the hardware of the computer through a protected area of memory. This area is one of the first things to start when a computer boots up and is kept separate from the user space to prevent files from being overwritten or tampered, which could lead to a slower performance or crashing.

The kernel is in charge of executing processes and handling interrupts such as memory and file management or I/O (input/output) management. Such an important part of your computer requires patches from time to time to stay secure and remain high-performing. Prior to KernelCare, these updates would require you to manually stop your server and computer services in order to update the kernel and then perform a full reboot, costing you valuable time and energy.

A server reboot can take over 15 minutes or more to finish, which means either: rebooting your servers in the middle of the night (if you’re small enough) or scheduling a server downtime that would hopefully not impact your clients too much. Either way, someone is not going to be happy - that’s why the CloudLinux team created KernelCare. It automatically patches kernel security vulnerabilities without rebooting, which means no more service interruptions for you or your clients.

Patching the kernels

A patch is a fix to an original code that either changes or replaces a vulnerability with a more secure version of the code. A patch can be anything from a single line of code to entire data structure changes.

The KernelCare team is constantly monitoring security mailing lists to check for vulnerabilities. As soon as one is found, they’ll prepare a patch and then send it to their distribution servers. An agent will run a process on your server, checking with the distribution servers every 4 hours until it finds a new patch and then safely apply it to the running kernel without needing to stop it.

A special kernel module is used to apply the patches. It first loads the update into the kernel address space, then it places relocations on the original code/data to make sure the code block doesn’t execute during the update. Once finished, it will safely switch the execution path from the original to the updated code and then makes sure the old code will never run again.

KernelCare does all of this instantly, automatically, and without service interruptions – you won’t even notice the update taking place.


For more information about KernelCare, make sure to visit our KernelCare page or contact our support team by opening a ticket or through our live chat feature.

  • 0 Users Found This Useful
Was this answer helpful?

Also Read

Does KernelCare work on 32-bit servers?

Unfortunately, KernelCare does not have 32-bit kernels at the moment. It is therefore not...

What kernels does KernelCare support?

KernelCare supports: For a full list of supported kernels,...

Do I have to restart my server after installing KernelCare?

One of the features that separates KernelCare from other services is how focused they are at...

When does it check for updates?

Keeping your servers up-to-date is KernelCare's biggest priority, therefore it...

Can KernelCare work on servers that do not have Internet access?

Yes. KernelCare can run on servers behind the firewall using KernelCare.ePortal. To learn more...