Posted On: Apr 28, 2020

Amazon Web Services (AWS) announced Kernel Live Patching for Amazon Linux 2, enabling customers to patch security vulnerabilities and bugs in the Linux kernel without rebooting or disrupting running applications. As a result, Amazon Linux 2 customers benefit from improved service availability and a better security posture, while keeping their infrastructure secure and up to date with ease. This feature is offered to Amazon Linux 2 users at no cost.

Many customers build their applications to be highly available and can introduce security patches without disrupting running applications. Applications that are not built for high availability cost time and resources to keep secure and up to date because of the downtime that patching requires. Kernel Live Patching in Amazon Linux reduces this downtime by applying a fix in the running kernel, eliminating the need to reboot the system after patching. It can be used to patch security vulnerabilities and bugs without causing downtime, which speeds up the process of applying patches across large clusters of servers.

Amazon Linux builds and releases kernel live patches for critical and important security vulnerabilities as well as critical bugs. Kernel live patches are delivered to the existing Amazon Linux 2 repositories, where they are available for installation. Customers install a ‘yum’ plugin to enable Kernel Live Patching. Once it is enabled, customers use the existing ‘yum update’ workflows to apply available kernel live patches.
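The enablement workflow described above, followed by the check a practitioner wants afterwards (is the live patch actually loaded in the running kernel?), as an added example that is not part of the announcement or of AWS's own tooling. The package and command names (`yum-plugin-kpatch`, `yum kernel-livepatch enable`, `kpatch.service`, `kpatch list`) and the `kpatch list` output layout are assumptions taken from the Amazon Linux 2 documentation as recalled here; confirm them against the current docs before relying on them.

```shell
#!/bin/sh
# Added example (not from the AWS announcement). Package, command and
# output-format names are assumptions based on the AL2 documentation.

# One-time setup on an Amazon Linux 2 host; run as root. Defined only,
# not executed here, so the file can be sourced safely.
enable_live_patching() {
    yum install -y yum-plugin-kpatch        # the 'yum' plugin the announcement refers to
    yum kernel-livepatch enable -y          # install live patches for the running kernel
    systemctl enable --now kpatch.service   # reload live patches after a reboot
}

# Routine patching: the existing 'yum update' workflow picks up new live patches.
apply_live_patches() {
    yum update -y
}

# Parse `kpatch list` output (read from stdin) and print, one per line, the
# patch modules that are both loaded and enabled. Anything under
# "Installed patch modules:" is on disk only and is deliberately ignored.
loaded_patches() {
    awk '
        /^Loaded patch modules:/    { section = "loaded";    next }
        /^Installed patch modules:/ { section = "installed"; next }
        section == "loaded" && /\[enabled\]/ { print $1 }
    '
}

# is_loaded NAME < kpatch_list_output : exit 0 only if NAME is loaded and enabled.
is_loaded() {
    loaded_patches | grep -qx "$1"
}

# Constructed sample of `kpatch list` output (module names are placeholders,
# not real Amazon Linux live patch names). On a real host use:
#   kpatch list | is_loaded <module-name>
SAMPLE_KPATCH_LIST='Loaded patch modules:
livepatch_example_fix [enabled]
livepatch_stale_fix [disabled]

Installed patch modules:
livepatch_example_fix (4.14.x-example)
livepatch_stale_fix (4.14.x-example)
'
```

`kpatch list` reports what the running kernel has applied; the yum transaction log only tells you a package was installed, so a fleet check should key on the former.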

Kernel Live Patching for Amazon Linux is available in Preview for Amazon Linux 2 for use on Amazon EC2, VMware Cloud on AWS, and supported on-premises platforms. Visit Amazon Linux 2 Kernel Live Patching documentation for details and the Amazon Linux Security Center for a list of available kernel live patches.