1.1 About Oracle Ksplice

On average, the Linux kernel receives security updates and bug fixes about once per month. Traditionally, applying such updates would require you to obtain and install the updated kernel RPMs, to schedule downtime, and to reboot the server into the new kernel with the critical updates. As system setups become more complex with many interdependencies, and access to services and applications must remain as undisrupted as possible, scheduling such reboots becomes more difficult and costly.

Oracle Ksplice enables you to keep your systems secure and highly available by allowing you to update your systems with the latest kernel security errata and other critical updates. Oracle Ksplice updates the running kernel image without requiring a reboot. Your systems remain up to date with their OS vulnerability patches and downtime is minimized. A Ksplice update takes effect immediately it is applied. It is not an on-disk change that only takes effect after a subsequent reboot.

Oracle creates each Ksplice update from a kernel update that originates either from Oracle or from the Linux kernel community.

Figure 1.1, “Life Cycle of a Ksplice Update” illustrates the life cycle of a Ksplice update.

Figure 1.1 Life Cycle of a Ksplice Update

The diagram illustrates the steps in the life cycle of a Ksplice update. When a critical bug or security vulnerability is discovered in the Linux kernel, Oracle makes a new kernel release and prepares a rebootless update corresponding to that release. The rebootless update is securely distributed and applied to your systems with zero downtime. Your infrastructure is again up to date and secure.


The Ksplice Uptrack API does not currently support user-space updates. An enhanced version of the online Ksplice client is available that can patch shared libraries for user-space processes that are running on an Oracle Linux 6 or Oracle Linux 7 system. For more information, see Section 3.1, “About the Ksplice Enhanced Client”.