A guide to kernel live patching on Red Hat Enterprise Linux 7 and 8

Updated -

Kernel live patching is a solution that allows you to patch a running kernel with selected critical and important CVEs without rebooting your system.

For more information about the kernel live patching solution and how it works in Red Hat Enterprise Linux 7 see Applying patches with kernel live patching in the Kernel administration guide or refer to the release note notation. In RHEL 7 the live patching solution is supported from version 7.7.

In RHEL 8, the kernel live patching solution is supported from version 8.1 and the usage is identical as in RHEL 7. For further details see Applying patches with kernel live patching in Managing, monitoring and updating the kernel or refer to the release note notation.

7 Comments

Log in to comment
SN Active Contributor 129 points
12 September 2017 8:16 PM

What type of subscription should I have to access kpatch Hot Fixes like 'kpatch-patch-7.0-2.el7.x86_64.rpm' ? Also in which repository it should be available ?

LG Newbie 9 points
30 August 2019 11:08 AM

I'm interested in test kpatch tecnology. In wich repository are available de kpatch-XXX.rpm?

Marc Milgram's picture Red Hat Guru 1444 points
30 August 2019 1:51 PM

Hello Luis,

kpatch is available in the Red Hat Enterprise Linux 7 repository - currently for the RHEL 7.7 kernel. With the subscriptions from your company, kpatch is also supported for RHEL 7.4, RHEL 7.5, RHEL 7.6, and RHEL 8. If you need a kpatch for any of those versions, open a case. Each kpatch supports a specific kernel build, so if you request a kpatch include the kernel version - as returned by uname -r.

More details on how to use kpatch are in the following documentation: Applying patches with kernel live patching.

Regards,

Marc Milgram Senior software maintenance engineer

Jobin Joseph's picture Active Contributor 187 points
7 November 2019 6:09 AM

Do we need any additional subscription to use this feature?

Marc Milgram's picture Red Hat Guru 1444 points
7 November 2019 12:19 PM

You do not need additional subscriptions to use this feature.

Live kernel patches come out for versions where there will be Extended Update Support (EUS), but it is not necessary to have an EUS or premium subscription in order to receive live kernel patches until the next minor version is released.

Red Hat Enterprise Linux 7.7 is the last RHEL 7 release that will have EUS.

EUS is planned for 8.1, 8.2, 8.4, 8.6 and 8.8.

TE Community Member 40 points
17 December 2019 1:34 PM

Hi Marc, so even with a Self Service Subscribtion it could be used with Rhel 7.7? Regards Tim

Marc Milgram's picture Red Hat Guru 1444 points
18 December 2019 1:28 PM

Hi Tim,

With Self Subscription, as well as with Standard Subscription, you are able to download packages that are released for the minor release until the next comes out. Extended Update Support (EUS) is a subscription addon that provides 2 years of updates for a minor release. Premium support includes 2 years of updates as well.

That means that with a Self Service Subscription, you will be able to receive the latest RHEL 7.7 kpatches until RHEL 7.8 is released.

Regards,

Marc