6

I have been using Ubuntu for almost 2 years now and I always encounter guides on the internet on how to uninstall old kernel versions. Even here on Ask Ubuntu there are many questions along these lines.

My question is: Must I do so? Are there problems or could it be dangerous to leave these old versions installed? Are there any advantages?

Edit:

Just two points to clarify the question:

James

7 Answers

20

You do not have to leave old kernels, and you do not have to remove them.

Old kernels just take up space on your HDD. That's it. You can have one or two old kernels installed just in case you want to boot with one of them.

Old kernels do not affect a working system in any way.

So it is 100% SAFE to leave old kernels installed if this was the question. They will not be used unless you deliberately boot with one of them.

Pilot6
  • This is the 100 % correct answer on this question ... so upvoted ! :) – cl-netbox Nov 23 '15 at 16:00
  • 2
    @cl-netbox This answer is correct, it is however incomplete. It doesn't mention that the more kernels you have installed the slower it will be to install or remove a kernel. This is due to the GRUB scripts having to run over all the kernel versions each time one has been added or removed. This is particularly annoying once you run out of space and decide it is time to delete a two-digit number of old kernel versions. – kasperd Nov 23 '15 at 20:27
  • It won't take more time to install or remove a kernel. It will take more time to remove ALL old kernels if there are many of them. That is obvious. – Pilot6 Nov 23 '15 at 20:32
  • 2
    actually - as the system insists on completely configuring grub on the removal of every single kernel @kasperd is right. – guntbert Nov 24 '15 at 08:11
  • Configuring grub does not take much time. The time consuming process is update-initramfs. But if you install one kernel, it is updated once. As I said, it will take more time to remove ALL kernels, but won't sufficiently affect installation or removal time of one kernel. – Pilot6 Nov 24 '15 at 11:29
  • @Pilot6 I was talking about removal of several kernels. – guntbert Nov 24 '15 at 12:50
8

The only problem you get by keeping all the old kernels is space. Every kernel-image along with the headers takes about 300 MB.

Eventually this can fill the partition and make security updates impossible.

You always want to keep at least one older kernel to have a fallback just in case.

guntbert
  • 3
    I'd like to highlight the second sentence as it has bitten me, too. I had /boot as a separate partition and when it fills up, it becomes an annoyance. If I install from fresh again, I try not to create a /boot partition. As for the OP's query, the old kernels are just files -- perhaps the label "kernel" makes them scarier than they actually are. – Ray Nov 23 '15 at 14:08
  • I've encountered this as well on a way-too-small /boot partition. Quite annoying. – llogan Nov 24 '15 at 06:49
2

If you have a normal Ubuntu setup, and if you regularly run sudo apt-get autoremove, apt-get suggests the removal of older kernels. All you have to do is to reply "Yes"! The script that is responsible for the removal of older kernels always ensures that you have at least one fallback kernel available in case the newest one is not suitable for you.

The script I mentioned above is to be found here: /etc/kernel/postinst.d/apt-auto-removal. To quote from there:

# Author: Steve Langasek 
#
# Mark as not-for-autoremoval those kernel packages that are:
#  - the currently booted version
#  - the kernel version we've been called for
#  - the latest kernel version (determined using rules copied from the grub
#    package for deciding which kernel to boot)
#  - the second-latest kernel version, if the booted kernel version is
#    already the latest and this script is called for that same version,
#    to ensure a fallback remains available in the event the newly-installed
#    kernel at this ABI fails to boot
# In the common case, this results in exactly two kernels saved, but it can
# result in three kernels being saved.  It's better to err on the side of
# saving too many kernels than saving too few.
DK Bose
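The retention rule quoted in the answer above, as an added example that is not part of the original answer and is not the apt-auto-removal script itself. The function names and the version list are constructed for illustration, and GNU `sort -V` is an assumption standing in for the grub-derived ordering the real script uses.

```shell
#!/bin/sh
# Added example: the "keep" rule from the quoted script header, applied to a
# plain list of version strings. Function names are hypothetical. Ordering uses
# GNU `sort -V`, an assumption standing in for the grub-derived comparison.

# kernels_to_keep BOOTED CALLED_FOR INSTALLED...
# Prints, one per line, the versions that must not be marked auto-removable.
kernels_to_keep() {
    booted=$1 called_for=$2
    shift 2
    sorted=$(printf '%s\n' "$@" | sort -V -u)
    latest=$(printf '%s\n' "$sorted" | tail -n 1)
    second=$(printf '%s\n' "$sorted" | tail -n 2 | head -n 1)
    keep=$(printf '%s\n' "$booted" "$called_for" "$latest")
    # Fallback rule: only when the booted kernel is already the latest and the
    # script runs for that same version is the second-latest protected too.
    if [ "$booted" = "$latest" ] && [ "$called_for" = "$latest" ] &&
       [ "$second" != "$latest" ]; then
        keep=$(printf '%s\n' "$keep" "$second")
    fi
    printf '%s\n' "$keep" | sort -V -u
}

# kernels_removable BOOTED CALLED_FOR INSTALLED...
# Prints the installed versions that autoremove would be free to offer.
kernels_removable() {
    protected=$(kernels_to_keep "$@")
    shift 2
    printf '%s\n' "$@" | sort -V -u | grep -Fvx -e "$protected" || true
}

# Constructed sample: three installed kernels, 4.2.0-18 was just installed
# while 4.2.0-16 is still the running kernel.
set -- 3.19.0-30-generic 4.2.0-16-generic 4.2.0-18-generic
echo "keep:";      kernels_to_keep   4.2.0-16-generic 4.2.0-18-generic "$@"
echo "removable:"; kernels_removable 4.2.0-16-generic 4.2.0-18-generic "$@"
```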
1

It is possible, though not very plausible, that leaving old kernels installed is a security risk.

New kernel versions generally patch security problems. When you boot into a new kernel, you should be protected against these security problems.

Here's a scenario in which it would be possible to exploit this:

  1. Attacker can remove kernels from your boot partition.
  2. Attacker removes newer kernel versions, forcing the user to boot the older, unpatched kernel.
  3. Attacker gets user to boot older kernel.
  4. Once booted, the attacker uses the vulnerability to gain access to the machine.

This is possible, though not very plausible: generally if an attacker has access to your machine, you're going to have a bad day. He could almost as easily compromise your initramfs, even with full disk encryption enabled, and install a keylogger or worse.

Naftuli Kay
1

Yes, it could be - if the console is accessible and the grub menu allows choosing which kernel to boot (not editing options, just choosing which one). If this is true, an unprivileged user could select an old kernel (either by rebooting the machine if they are allowed to do so, pulling the plug and restarting, or happening to be at the console when it boots) and proceed to exploit a local root escalation bug that's patched in the new kernel (random example: CVE-2012-0056).

When new kernels containing security updates are installed, you should either remove the old ones or ensure they cannot be selected for booting by a malicious user.

nobody
  • 1
    If user has access to the boot menu they can just boot from a USB stick and take over the system. – Brice M. Dempsey Nov 24 '15 at 07:49
  • I'm not talking about the BIOS/EFI boot device selection menu, just the grub menu. It's possible (and common) for the grub menu to allow choice of kernel (but not alternate boot devices). The grub menu is totally independent and can still be available even if the BIOS/EFI menu is totally locked down. – nobody Nov 24 '15 at 12:07
1

I see no danger at all in leaving old kernels in place, provided that you take care to have enough space under /boot, also for future needs.
But I have a special reason for always keeping one old kernel, one that does not get patches any more: it often happens to me that the newest active kernel gets patched, and then it fails to start an important service; it is often the wireless support. Then I reboot into my old spare kernel, reinstall the failing newer kernel, and everything works again.
The seasoned kernel brings only marginal danger: I use it only for short repairs!

0

Having at least one previous kernel can be positive in case of bad configurations or weird crashes, which happen in Linux, and since the OS is not OEM there's no recovery system unless you make one beforehand. By the same token, the crash or bad configuration can be so bad that it can't be fixed by falling back.

You can visit on using BTRFS snapshots AskUbuntu

userDepth