We have 3 option here either to exlude or lock the package or be blocking from replaced and updating with recent version.

1. Configuration file exclude

The method is simple. Open /etc/dnf/dnf.conf as root and add exclude= parameter. for example, here I show my current configuration file:

$ cat /etc/dnf/dnf.conf 
[main]
gpgcheck=1
installonly_limit=5
clean_requirements_on_remove=True
fastestmirror=true
deltarpm=true
exclude=kernel-5.2.17-200.fc30, kernel-core-5.2.17-200.fc30, kernel-devel-5.2.17-200.fc30, kernel-modules-5.2.17-200.fc30, kernel-modules-extra-5.2.17-200.fc30

Package names are separated by a comma. Shell globs using wildcards (eg. * and ?) are allowed.

2. Locking the package version with versionlock

You need to install versionlock before you can use, just simply run sudo dnf install 'dnf-command(versionlock)' on your terminal.

then you can lock specific package that already installed on your system. For example:

$ sudo dnf versionlock add kernel-5.2.17-200.fc30

If you want to remove the locked version, use the delete option:

$ sudo dnf versionlock delete kernel-5.2.17-200.fc30

3. DNF update command line flag --exclude

The update command accepts a package name to exclude for updating package. For example you can run the following commands

$ sudo dnf update --exclude=firefox
$ sudo dnf update --exclude=kernel*

You can use wildcard to match several package together from been replace or update.

WHY??

Sometimes we need specific kernel modules compiled to better handle something for example Oracle VirtualBox which using older kernel than the current recent on fedora. In other case, some people want to keep old and outdate software because it works fine compare to newer version.

Anyway, this just a personal references. You need to be caution about risk of using outdated kernel or package.