« Back to Frequently Asked Questions

What is a tainted kernel

Linux uses the concept of a tainted kernel when specific events occurred. The word tainted means it is contaminated or polluted. Not in an environmental way, but in the sense that proper troubleshooting is no longer possible. Or not as reliable as one would like it to be.

Running a tainted kernel is not a problem usually. It is just a marker that something happened on the system itself. As long as a system is running stable, then one could accept continuing running in this state.

Causes

There are multiple causes why the kernel was marked as tainted. For example when live patching is used, parts of the kernel are swapped out or redirected. As this would seriously complicate debugging, the kernel marks itself tainted to indicate that reliable troubleshooting is not possible.

Resolving the issue

The easiest and only way to clear the tainted state is a simple reboot of the system.

Before you do the reboot, you may want to know the specific reason why the kernel was tainted in the first place.

Related sysctl keys

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution.

Mastodon icon