Linux Kernel Livepatch
Mitigate Linux kernel exploits with Livepatch
Livepatch shrinks the exploit window for critical and high severity Linux kernel vulnerabilities, by patching the Linux kernel between security maintenance windows, while the system runs.
Livepatch provides security coverage for 10 years with Ubuntu Pro, and an additional 2 years with Ubuntu Pro Legacy, for a total of 12 years.
Read the Livepatch documentation
Read the docsRead the GMO Pepabo case study ›Livepatch is a perfect fit for our needs. There’s no other solution like it, and it’s highly cost-effective. Manually migrating virtual machines, applying kernel updates, and rebooting took an average of 32 hours per server. Multiplied by 80 servers, that was more than 2,500 hours of work.
Shinya Tsunematsu, Senior Engineering Lead of Tech Division, GMO Pepabo
Spend less time on unplanned work
According to a study of Dimensional research 64% of IT professionals spend more than 100 hours per year on unplanned work. That’s work that eliminates focus and distracts from one’s goals and business objectives. With 40% of high and critical severity vulnerabilities affecting the Linux kernel, the number of interruptions can be significant. Livepatch reduces the unplanned work that comes from Linux kernel vulnerabilities, making you more effective when managing Ubuntu systems.
Reduce downtime
Downtime is one of the major pains of every service provider. That is however unavoidable when deploying vulnerability fixes on the Linux kernel the traditional way. That’s because the updated system needs to be rebooted to apply the changes irrespective of your deployment strategy (Kubernetes, OpenStack or bare-metal). Industry leaders achieve high uptime by livepatching and scheduled maintenance.
Follow organisational policy
Livepatch on-prem allows you to define your rollout policy and remain in full control of which machines will get updated and when, as well as provide updates to isolated network environments. To keep your machines up-to-date, the Livepatch on-prem server regularly syncs with Ubuntu Livepatch service and obtains the latest patches. It then applies the policy for releasing patches gradually in as many stages as needed.
Kernel livepatching at a glance
When a high or critical Linux kernel vulnerability is detected a livepatch along with a Livepatch Security Notice are issued. Systems that enable the livepatch client will receive and apply the patch, after it is made available. The livepatch will provide new kernel code replacing the vulnerable one, and will update the rest of the kernel to use the new code.
Livepatch on-prem overview
Livepatch on-prem is designed for complex Enterprise environments that follow their own rollout policy and remain in control of which machines will get updated and when. Livepatch on-prem regularly syncs with the Ubuntu Livepatch service and obtains the latest patches. It then deploys the livepatches gradually in as many stages as required.
Read moreLivepatch is used by
Get Livepatch with Ubuntu Pro
Free for personal use
Livepatch is available free for up to 5 machines, for personal use, or evaluation purposes.
Get your free subscription
How to enable the Ubuntu Livepatch Service
-
Attach your subscription
sudo pro attach [TOKEN]
-
Enable Livepatch on your system
sudo pro enable livepatch
Learn more about Livepatch
- Detailed product overview
- System requirements
- Answers to frequently asked questions
Livepatch is like a dream come true, both from a technical and a business standpoint. Our Ubuntu systems now rarely, or never, have to be rebooted. Service is continuous. That makes a big difference for user and customer satisfaction and loyalty.
Masaaki Hirose, IT Platform Department, DeNA
Get started with Livepatch today
Livepatch is free to use on your own PC or server. To discuss whether Livepatch is right for your business, talk to our team.