CloudLinux has informed Softpedia about the availability of a new version of its KernelCare rebootless kernel patching service for Linux-based operating systems, promising to mitigate the Meltdown and Spectre security vulnerabilities without reboots.
Meltdown and Spectre affect the kernel and other components of a Linux-based operating system, including QEMU, Xen, Nvidia graphics drivers, as well as web browsers like Firefox, Chrome, and Opera. Patching your Linux computer against these bugs, which affect billions of devices, requires you to reboot your systems, but not with KernelCare, a commercial live patching service from CloudLinux.
According to CloudLinux, KernelCare is now capable of live patching the Meltdown vulnerability and the first variant of the Spectre exploit on the CloudLinux 7 series of operating systems, as well as Red Hat Enterprise Linux 7, CentOS 7 and CentOS 7 Plus, and Proxmox Virtual Environment 3.10.
“Our live patching technology, KernelCare, delivers uninterrupted security updates of the kernel — without any interference or downtime for software running on the server. It fixes only the affected part, without actually rebooting or restarting the server,” says CloudLinux in a press announcement.
Ubuntu and Debian will soon be supported too
To use KernelCare on your CloudLinux, CentOS, Red Hat Enterprise Linux, and Proxmox VE systems, you’ll have to pay from $2.25 USD per server monthly, but there’s also a free trial that supports updates for all Linux kernels on an unlimited number of servers, and CloudLinux even promises to bring support for more GNU/Linux distributions soon.
These include CloudLinux 6, CentOS 6, Red Hat Enterprise Linux 6, and Virtuozzo 6 series, as well as Ubuntu, Debian, and other distros. However, CloudLinux noted that Xen PV is not and won’t be supported on KernelCare, which is widely used among cloud providers and enterprises.
Some long-term supported Ubuntu systems use a similar live patching service, called Canonical Livepatch Service, but it doesn’t appear to be capable of live patching the Meltdown and Spectre security vulnerabilities at the time of writing. So until Canonical comes up with a better solution, you can use CloudLinux’s KernelCare.