Just noticed that CentOS 7 is using Kernel 3.10 which was maintained from August 2013 to November 2017 so it's basically EOL.
I know that CentOS doesn't update Kernel versions between minor CentOS releases which is the reason for it having this old and now unsupported Kernel.
How does this work in general? What if a vulnerability or a serious bug is found?
When the Kernel was still supported, it would have been fixed by the Kernel maintainers and then I guess CentOS could have backported it.
Now that the Kernel is EOL doesn't this leave all the Enterprises using CentOS 7 kind of screwed?
Could someone explain this?
Best Answer
CentOS backports security patches to its products throughout its maintenance lifecycle. CentOS 7 will be supported for maintenance updates through June 2024, which means they will continue security patches until then. Do not confuse upstream kernel support with the support from the distribution maintainers.
For more info, see this: https://wiki.centos.org/About/Product
EDIT: here is a (truncated) list of security patches in the most recent CentOS 7 kernel package:
There are many, many more patches that have been introduced since CentOS 7 was originally introduced. This is just a small sample of the most recent ones.
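Because fixes are backported, the `3.10` in `uname -r` says nothing about which vulnerabilities are patched; the package changelog does. The helpers below are an added example, not part of the original answer: they parse changelog text in the layout printed by `rpm -q --changelog kernel`, and the sample changelog, release strings and CVE ids are constructed placeholders.

```bash
#!/bin/sh
# Constructed sample in the layout of `rpm -q --changelog kernel`.
# Release strings, bug numbers and CVE ids are made-up placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2099 Example Maintainer <maint@example.org> [3.10.0-9999.1.1.el7]
- [net] fix use-after-free in example socket path (Example Dev) [0000001] {CVE-2099-0001}
- [fs] tighten bounds check in example ioctl (Example Dev) [0000002] {CVE-2099-0002}

* Mon Dec 01 2098 Example Maintainer <maint@example.org> [3.10.0-9998.el7]
- [mm] fix example race in page handling (Example Dev) [0000003] {CVE-2098-0003}
- [net] second part of socket fix (Example Dev) [0000004] {CVE-2099-0001}
EOF
}

# Print every CVE id mentioned in the changelog on stdin, once, sorted.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Exit 0 if the changelog on stdin mentions exactly this CVE id.
has_fix() {
    list_cves | grep -qx "$1"
}

# Print the package release(s) whose changelog entries mention the CVE.
# The release is the bracketed last field of each "* date author [release]" line.
fixed_in() {
    awk -v cve="$1" '
        /^\* / { rel = $NF; gsub(/^\[|\]$/, "", rel); next }
        $0 ~ (cve "([^0-9]|$)") { print rel }
    ' | sort -u
}

# On a live CentOS/RHEL host, feed the real changelog instead of the sample:
#   rpm -q --changelog kernel | has_fix CVE-XXXX-NNNN && echo "fix is in the package"
#   rpm -q --changelog kernel | fixed_in CVE-XXXX-NNNN
```

The changelog covers the installed package, so compare the release reported by `fixed_in` with the running kernel from `uname -r`; a fixed package that has not been booted into yet is not protecting the host.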