How KernelCare Works

What is a kernel?

A kernel is a computer program that runs at the core of a computer’s operating system. It connects the user space (the software a user can access) to the hardware of the computer through a protected area of memory. This area is one of the first things to start when a computer boots up and is kept separate from the user space to prevent files from being overwritten or tampered, which could lead to a slower performance or crashing.

The kernel is in charge of executing processes and handling interrupts such as memory and file management or I/O (input/output) management. Such an important part of your computer requires patches from time to time to stay secure and remain high-performing. Prior to KernelCare, these updates would require you to manually stop your server and computer services in order to update the kernel and then perform a full reboot, costing you valuable time and energy.

A server reboot can take over 15 minutes or more to finish, which means either: rebooting your servers in the middle of the night (if you’re small enough) or scheduling a server downtime that would hopefully not impact your clients too much. Either way, someone is not going to be happy - that’s why the CloudLinux team created KernelCare. It automatically patches kernel security vulnerabilities without rebooting, which means no more service interruptions for you or your clients.

Patching the kernels

A patch is a fix to an original code that either changes or replaces a vulnerability with a more secure version of the code. A patch can be anything from a single line of code to entire data structure changes.

The KernelCare team is constantly monitoring security mailing lists to check for vulnerabilities. As soon as one is found, they’ll prepare a patch and then send it to their distribution servers. An agent will run a process on your server, checking with the distribution servers every 4 hours until it finds a new patch and then safely apply it to the running kernel without needing to stop it.

A special kernel module is used to apply the patches. It first loads the update into the kernel address space, then it places relocations on the original code/data to make sure the code block doesn’t execute during the update. Once finished, it will safely switch the execution path from the original to the updated code and then makes sure the old code will never run again.

KernelCare does all of this instantly, automatically, and without service interruptions – you won’t even notice the update taking place.


For more information about KernelCare, make sure to visit our KernelCare page or contact our support team by opening a ticket or through our live chat feature.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

 Are all patches from new kernels applied?

KernelCare is constantly making sure your servers are secure, therefore it focuses on only the...

 How to Force the Update of KernelCare

In order to force the update of KernelCare you just have to use the command kcarectl...

 Can I see which kernel is running on my server?

Yes, it is possible. Simply enter the following command into your terminal: kcarectl --uname...

 How to see what patches have been applied

To see which patches have been applied to your kernel, you can use the following command:...

 Does KernelCare work with third-party drivers?

The CloudLinux team is devoted to making their clients lives as easy as possible, therefore...