Every month we do a lot of under-the-hood improvements to KernelCare which you may not notice, but trust us, it makes your KernelCare experience better. We've decided to share such updates with you on a monthly basis. Read the June update in this article.

A month ago, Virtuozzo's Team discovered the new security vulnerability in the kernel - CVE-2020-14305. It corrupts the memory in kernels from v3.5 to v4.10 and affects various Linux distributions. KernelCare is preparing the patches for this CVE which will be available this week. Read this article to learn about how the vulnerability was discovered and what is the mitigation for it.

In this podcast episode, KernelCare CEO Igor Seletskiy talks with Gaper.io’s Mark Allen about CloudLinux, and why it’s a fully remote company. In this article you will find a podcast recording and an overview of what they talked about during their conversation. 

On 18 June, KernelCare CEO Igor Seletskiy was interviewed by Adam Torres on his Mission Matters Innovation podcast. The topic was rebootless updates, and why they’re important for servers. In this blog post you will find the answer to this question and an overview of what other insights were discussed during the podcast.

Updating Linux kernels is a routine – as dull as taxes and only slightly less inconvenient than death. New security vulnerabilities in the Linux kernel seem to appear with tedious regularity and even get fancy names. In most but not all cases, the patches needed to fix them follow swiftly after. There is work involved in patching the kernel the latest Linux kernel security updates, and danger if you delay–leave it too long and bad actors might take advantage of the period of vulnerability.

For the past nine months, KernelCare’s Linux kernel live patching software has supported ARMv8 (AArch64) in addition to x86_64 (Intel IA32/AMD AMD64). To get KernelCare running on Arm, we needed a stack frame unwinder.

This article explains what they are, what they’re used for, and why we had to write our own.

Live patching is a way of updating a Linux kernel without interruption. Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Ubuntu 20.04 LTS Focal Fossa kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

On 9 June, Anthony Steinhauser, an engineer at Google, made some urgent posts to the Linux kernel mailing list. In them, he pointed out that hardware bugs in Intel and AMD chips are leaving servers vulnerable to Spectre exploits--even after the kernel is patched. Fortunately, a fix for this problem is being developed by the KernelCare team. First patches will be available by the end of the week of 22 June.

CloudLinux is an Amazon Web Services (AWS) Advanced Technology Partner, and our live patching system, KernelCare, is currently being used to patch AWS Elastic Compute Cloud (EC2) systems.

How does KernelCare patch Linux kernels on AWS EC2 servers? Read on to find out. 

A new version of KernelCare ePortal allows using custom paths for certificates and uses system certificates by default, as opposed to the previous version which worked with certificates from certifi lib.