{% extends "security/base_security.html" %} {% block title %}Ubuntu Livepatch Service | Security{% endblock %} {% block meta_description %} Ubuntu Livepatch eliminates the need for unplanned maintenance windows for kernel vulnerabilities, by patching the Linux kernel while the system runs. {% endblock %} {% block meta_copydoc %} https://docs.google.com/document/d/1g_Ip5MzlBRpbM2wULpSnsR5XaHJVWgLPLdq8_7fCHrs/edit# {% endblock meta_copydoc %} {% block content %}

Linux Kernel Livepatch

Mitigate Linux kernel exploits with Livepatch

Livepatch shrinks the exploit window for critical and high severity Linux kernel vulnerabilities, by patching the Linux kernel between security maintenance windows, while the system runs.

Livepatch provides security coverage for 10 years with Ubuntu Pro, and an additional 2 years with Ubuntu Pro Legacy, for a total of 12 years.

Get Ubuntu Pro

Learn more about Livepatch

{{ image(url="https://assets.ubuntu.com/v1/6e184942-Webinar.svg", alt="", width="32", height="28", hi_def=True, attrs={"class": "p-heading-icon__img p-heading-icon__img--small"}, loading="lazy",) | safe }}

Webinar

{{ image(url="https://assets.ubuntu.com/v1/e2315503-tutorial.svg", alt="", width="46", height="30", hi_def=True, attrs={"class": "p-heading-icon", "style": "margin-top: 0.3rem;"}, loading="lazy") | safe }}   

Documentation

Livepatch is a perfect fit for our needs. There’s no other solution like it, and it’s highly cost-effective. Manually migrating virtual machines, applying kernel updates, and rebooting took an average of 32 hours per server. Multiplied by 80 servers, that was more than 2,500 hours of work.

Shinya Tsunematsu, Senior Engineering Lead of Tech Division, GMO Pepabo
Read the GMO Pepabo case study ›

Spend less time on unplanned work

According to a study of Dimensional research 64% of IT professionals spend more than 100 hours per year on unplanned work. That’s work that eliminates focus and distracts from one’s goals and business objectives. With 40% of high and critical severity vulnerabilities affecting the Linux kernel, the number of interruptions can be significant. Livepatch reduces the unplanned work that comes from Linux kernel vulnerabilities, making you more effective when managing Ubuntu systems.

Reduce downtime

Downtime is one of the major pains of every service provider. That is however unavoidable when deploying vulnerability fixes on the Linux kernel the traditional way. That’s because the updated system needs to be rebooted to apply the changes irrespective of your deployment strategy (Kubernetes, OpenStack or bare-metal). Industry leaders achieve high uptime by livepatching and scheduled maintenance.

Follow organisational policy

Livepatch on-prem allows you to define your rollout policy and remain in full control of which machines will get updated and when, as well as provide updates to isolated network environments. To keep your machines up-to-date, the Livepatch on-prem server regularly syncs with Ubuntu Livepatch service and obtains the latest patches. It then applies the policy for releasing patches gradually in as many stages as needed.

Get in touch

Kernel livepatching at a glance

When a high or critical Linux kernel vulnerability is detected a livepatch along with a Livepatch Security Notice are issued. Systems that enable the livepatch client will receive and apply the patch, after it is made available. The livepatch will provide new kernel code replacing the vulnerable one, and will update the rest of the kernel to use the new code.

Read more Livepatch coverage
{{ image(url="https://assets.ubuntu.com/v1/72bfe690-Livepatching+at-a-glance-diagram.svg", alt="Livepatching diagram", width="500", height="200", hi_def=True, loading="lazy",) | safe }}

Livepatch on-prem overview

Livepatch on-prem is designed for complex Enterprise environments that follow their own rollout policy and remain in control of which machines will get updated and when. Livepatch on-prem regularly syncs with the Ubuntu Livepatch service and obtains the latest patches. It then deploys the livepatches gradually in as many stages as required.

Read more
{{ image(url="https://assets.ubuntu.com/v1/0fe5fa1d-Livepatch+on-prem+overview-diagram.svg", alt="Livepatching on prem diagram", width="500", height="250", hi_def=True, loading="lazy",) | safe }}

Livepatch is used by

{{ image(url="https://assets.ubuntu.com/v1/9ae8ff55-2018-logo-bloomberg.svg", alt="Bloomberg", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/d8f890fb-logo-at%26t.svg", alt="AT&T", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/d199354d-2018-logo-deutsche-telekom.svg", alt="Deutcshe Telecom", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/675af314-2018-logo-eBay.svg", alt="eBay", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/8a4d26de-2018-logo-cisco.svg", alt="Cisco", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/94da9f2a-2018-logo-NTT.svg", alt="NTT", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/dcde7628-2018-logo-best-buy.svg", alt="Best Buy", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}
{{ image(url="https://assets.ubuntu.com/v1/9f7bc2d4-2018-logo-paypal.svg", alt="PayPal", width="145", height="145", hi_def=True, loading="lazy", attrs={"class": "p-logo-section__logo"},) | safe }}

Get Livepatch with Ubuntu Pro

Free for personal use

Livepatch is available free for up to 5 machines, for personal use, or evaluation purposes.


Get your free subscription

Part of Ubuntu Pro

Get Livepatch with an Ubuntu Pro subscription from Canonical.

Get Ubuntu Pro

How to enable the Ubuntu Livepatch Service


  1. Attach your subscription

    sudo pro attach [TOKEN]

    Note: obtain the subscription token via the Ubuntu Pro portal. This step is not necessary on Ubuntu Pro.

  2. Enable Livepatch on your system

    sudo pro enable livepatch

{{ image(url="https://assets.ubuntu.com/v1/5edefef9-Datasheet.svg", alt="", width="32", height="28", hi_def=True, loading="lazy", attrs={"class": "p-heading-icon__img p-heading-icon__img--small"},) | safe }}

Datasheet

Learn more about Livepatch

  • Detailed product overview
  • System requirements
  • Answers to frequently asked questions

Download the datasheet

{{ image(url="https://assets.ubuntu.com/v1/0326ac7d-dena-logo.png", alt="Dena", width="144", height="59", hi_def=True, loading="auto",) | safe }}

Livepatch is like a dream come true, both from a technical and a business standpoint. Our Ubuntu systems now rarely, or never, have to be rebooted. Service is continuous. That makes a big difference for user and customer satisfaction and loyalty.

Masaaki Hirose, IT Platform Department, DeNA
{{ image(url="https://assets.ubuntu.com/v1/c4b290c8-Contact+us.svg", alt="", width="281", height="200", hi_def=True, loading="lazy",) | safe }}

Get started with Livepatch today

Livepatch is free to use on your own PC or server. To discuss whether Livepatch is right for your business, talk to our team.

Get in touch

{% with first_item="_server_download", second_item="_server_contact_us", third_item="_cloud_further_reading" %} {% include "shared/contextual_footers/_contextual_footer.html" %} {% endwith %}
{% endblock content %}