1. 2.4.X PaX (default)
2. 2.4.X grsecurity HIGH 2.X
3. 2.4.X generic

The modified kernels provide more sophisticated access control and stack protection for processes running on the CDROM. The PaX Kernel provides non-executable memory pages and full address space layout randomization (ASLR) for a wide variety of architectures. The Grsecurity Kernel is a complete security solution providing such features as a MAC or RBAC system, Chroot restrictions, address space modification protection (via PaX), auditing features, randomization features, linking restrictions to prevent file race conditions, ipc protections and much more. The Generic Kernel doesn't come with any additional security features. So, the boot loader lets you select different levels of host security according to your requirements. You can reference to Linux Kernel Hardening and Grsecurity papers for further information.