A guide to kernel live patching on Red Hat Enterprise Linux 7 and 8

Updated -

Kernel live patching is a solution that allows you to patch a running kernel with selected critical and important CVEs without rebooting your system.

For more information about the kernel live patching solution and how it works in Red Hat Enterprise Linux 7 see Applying patches with kernel live patching in the Kernel administration guide or refer to the release note notation. In RHEL 7 the live patching solution is supported from version 7.7.

In RHEL 8, the kernel live patching solution is supported from version 8.1 and the usage is identical as in RHEL 7. For further details see Applying patches with kernel live patching in Managing, monitoring and updating the kernel or refer to the release note notation.

5 Comments

Log in to comment
SN Active Contributor 122 points
12 September 2017 8:16 PM

What type of subscription should I have to access kpatch Hot Fixes like 'kpatch-patch-7.0-2.el7.x86_64.rpm' ? Also in which repository it should be available ?

LG Newbie 9 points
30 August 2019 11:08 AM

I'm interested in test kpatch tecnology. In wich repository are available de kpatch-XXX.rpm?

Marc Milgram's picture Red Hat Guru 1434 points
30 August 2019 1:51 PM

Hello Luis,

kpatch is available in the Red Hat Enterprise Linux 7 repository - currently for the RHEL 7.7 kernel. With the subscriptions from your company, kpatch is also supported for RHEL 7.4, RHEL 7.5, RHEL 7.6, and RHEL 8. If you need a kpatch for any of those versions, open a case. Each kpatch supports a specific kernel build, so if you request a kpatch include the kernel version - as returned by uname -r.

More details on how to use kpatch are in the following documentation: Applying patches with kernel live patching.

Regards,

Marc Milgram Senior software maintenance engineer

Jobin Joseph's picture Active Contributor 187 points
7 November 2019 6:09 AM

Do we need any additional subscription to use this feature?

Marc Milgram's picture Red Hat Guru 1434 points
7 November 2019 12:19 PM

You do not need additional subscriptions to use this feature.

Live kernel patches come out for versions where there will be Extended Update Support (EUS), but it is not necessary to have an EUS or premium subscription in order to receive live kernel patches until the next minor version is released.

Red Hat Enterprise Linux 7.7 is the last RHEL 7 release that will have EUS.

EUS is planned for 8.1, 8.2, 8.4, 8.6 and 8.8.