Why are kernels updated regularly, even more frequently than OS releases?

Your observation of more regular kernel updates is partly the fault of the kernel being one giant blob of stuff that needs to work very well with the package system (apt, in Ubuntu's case), or your system will be unbootable!

While various software bugs and security flaws serious enough to push an update only affect those with the respective software installed, everyone using GNU/Linux will have the Linux kernel installed. So while various apps get various updates, everyone gets the kernel updates. Consequently, each individual gets many kernel updates but only a few other software updates in comparison, simply because their system has only specific software installed.

  1. There is a terrible flaw in some RAID driver that will occasionally render important data unreadable? Ubuntu must ship an update, for anyone potentially affected = everyone using a kernel version including the fault = probably everyone using a supported version of Ubuntu.

  2. A terrible flaw in the MP4 module of the nginx web server is discovered, potentially allowing a third party to take over a streaming server? Most Ubuntu users do not get an update; even most of those using nginx do not get one, because they do not have that specific module installed, and only the package containing that module needs to receive a security update.

  3. A terrible flaw in Windows is discovered, making user applications using the Windows System certificate store accept malicious certificates and consequently disclose some of their meant-to-be encrypted traffic. Since patchday was last week, application vendors will work around the bug until next month. A single kernel update is shipped for all collected updates then, also creating some illusion of fewer updates.

  4. A terrible flaw in a user application on Windows is discovered. Since Windows does not have a package manager, nobody notices. The user reinstalls his machine months later, when realizing he was part of a large botnet.

Rule of thumb: If you don't need feature updates, use the Long-Term-Support (LTS) updates. All updates shipped to those versions are, to some extent, important bug and/or security fixes.


Another note on the frequency of updates on Linux distributions in general and Ubuntu specifically: The way Microsoft and Apple deploy updates is, from a security standpoint, terrible. It's not that they make better software and need fewer updates, it's that they deploy updates from an economic standpoint, which means they usually don't, even though some users (but not an economically relevant share) are affected by bad bugs.

On Linux, you see security flaws fixed within hours of being known. On some proprietary systems, the maintaining companies ask security engineers to withhold information about flaws from the public for 3 months (e.g. Microsoft) and only release it responsibly once a fix is released in the usual cycle, e.g. once monthly (e.g. Microsoft).

Think about the implications of security flaws getting fixed in a well-planned but SLOW way versus the way Linux does it: best-effort, as fast as possible. You'll understand why many admins prefer the open-source and Linux approach, despite the increased update frequency and all the potential problems that come with it.

TL;DR: Fast and frequent updates are a good thing, as long as their installation is undisruptive and seldom causes failures in automatic mode.


Note: Kernel updates will become less of a hassle in the future. The architecture for handling installation and removal of older versions via apt is being improved right now, and various Linux distributions are eyeing and/or exploring methods of deploying smaller fixes as live patches that can be applied to a more-or-less "running" system without you needing to care a lot about it.
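Since the answer above points out that apt's handling of old kernel versions is still being improved, a practical check an admin wants in the meantime is "which installed kernel images are stale and which one is actually running?". The POSIX sh script below is an added example, not code from the answer's author or from Ubuntu: it classifies each installed `linux-image-*` package as the running kernel, a newer one pending a reboot, an old one that can be purged, or a meta-package. The running version and the package list are constructed sample data embedded inline; on a real host they would come from `uname -r` and `dpkg-query -W -f='${Package}\n' 'linux-image-*'`.

```shell
#!/bin/sh
# Added example (not from the original post): classify installed kernel image
# packages relative to the running kernel so stale ones can be identified.

# Constructed sample: what `uname -r` would print on the host.
RUNNING="5.15.0-91-generic"

# Constructed sample: what `dpkg-query -W -f='${Package}\n' 'linux-image-*'` would print.
INSTALLED="linux-image-5.15.0-88-generic
linux-image-5.15.0-91-generic
linux-image-5.15.0-94-generic
linux-image-generic"

# Strip the package prefix, leaving the bare version string (or "generic" for the meta-package).
kernel_version() {
    printf '%s\n' "$1" | sed 's/^linux-image-//'
}

# Compare two kernel version strings field by field on their numeric parts.
# Prints -1, 0 or 1. Avoids `sort -V` / `dpkg --compare-versions` so it runs anywhere.
version_cmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^0-9]+/, " ", a); gsub(/[^0-9]+/, " ", b)
        na = split(a, x, " "); nb = split(b, y, " ")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# classify_kernel PKG RUNNING_VERSION -> running | pending | old | meta
classify_kernel() {
    ver=$(kernel_version "$1")
    case "$ver" in
        *[0-9]*) ;;                 # a concrete version, fall through to comparison
        *) echo meta; return 0 ;;   # e.g. linux-image-generic, which only pulls in the newest
    esac
    case "$(version_cmp "$ver" "$2")" in
        0) echo running ;;          # the kernel currently booted
        1) echo pending ;;          # installed but newer than what is running: reboot needed
        *) echo old ;;              # older than the running kernel: safe to purge
    esac
}

# old_kernels RUNNING_VERSION PACKAGE_LIST -> one purgeable package name per line
old_kernels() {
    printf '%s\n' "$2" | while read -r pkg; do
        if [ "$(classify_kernel "$pkg" "$1")" = old ]; then
            printf '%s\n' "$pkg"
        fi
    done
}

printf 'Running kernel: %s\n' "$RUNNING"
printf '%s\n' "$INSTALLED" | while read -r pkg; do
    printf '%-32s %s\n' "$pkg" "$(classify_kernel "$pkg" "$RUNNING")"
done
printf 'Old kernels that can be purged once the running one is known good:\n'
old_kernels "$RUNNING" "$INSTALLED"
# On a real host (not run here) the purge would be:
#   sudo apt-get purge $(old_kernels "$(uname -r)" "$(dpkg-query -W -f='${Package}\n' 'linux-image-[0-9]*')")
```

Keeping the running kernel untouched matters for bootability; the "pending" case is the one to watch for security, because a fix has been installed but the vulnerable kernel is still the one executing until the next reboot.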


This might also be why it seems so much more stable. Remember that with every Windows or Mac update there are a lot of complaints about everything breaking. If there are minor bugs with the changes and there are fewer of them at once, it results in less stuff breaking.

Imagine if all of the fixes came at once and each had issues from untested use cases, and maybe even some of them are made worse by other unrelated changes. Updates sometimes break stuff for me, however they generally feel minor and seem easier to fix when I am on a Linux distro like Arch, which updates a lot.