Container-Optimized OS Release Notes: Milestone 121

cos-121-18867-294-25

Updated app-containers/runc to v1.2.8.

Added support for the Lustre 2.14.0_p224 drivers.

Backported an upstream commit to fix high CPU usage when trying to find suitable blocks in ext4 fs.

Runtime sysctl changes:

• Changed: fs.file-max: 811813 -> 811764

cos-121-18867-294-17

Runtime sysctl changes:

• Changed: fs.file-max: 811792 -> 811813

Fixed CVE-2025-40083 in the Linux kernel.

Upgraded sys-apps/makedumpfile to v1.7.8.

Fixed a race condition where unmounting file systems monitored by inotify or fanotify could result in kernel crash.

Upgraded sys-apps/pv to v1.9.44.

Fixed CVE-2025-40078 in the Linux kernel.

cos-121-18867-294-12

Fixed CVE-2025-40105 in the Linux kernel.

Fixed CVE-2025-40099 in the Linux kernel.

Fixed CVE-2025-40103 in the Linux kernel.

Fixed bcache latency spikes.

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Runtime sysctl changes:

• Changed: fs.file-max: 811785 -> 811792

Fixed CVE-2025-40040 in the Linux kernel.

cos-121-18867-294-8

Fixed CVE-2025-38073 in the Linux kernel.

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Fixed CVE-2025-11413,11414 in binutils-libs.

Runtime sysctl changes:

• Changed: fs.file-max: 811835 -> 811785

cos-121-18867-294-2

Upgraded dev-db/sqlite to v3.50.3.

Upgraded sys-apps/less to v685.

Upgraded dev-libs/expat to v2.7.3.

Reduced gcr_wait_online retry gap.

Upgraded dev-lang/go to v1.23.12.

Fixed CVE-2025-11495 in binutils-libs.

Upgraded app-admin/sudo to v1.9.17_p2.

Upgraded sys-apps/pv to v1.9.42.

Upgraded app-admin/google-guest-configs to v20250805.00.

Fixed CVE-2025-11494 in binutils-libs.

Fixed CVE-2025-11412 in binutils-libs.

Upgraded sys-auth/pambase to v20250906.

Upgraded sys-apps/hwdata to v0.400.

Updated app-containers/runc to v1.2.7.

cos-121-18867-199-105

Added task information collection to sosreports.

Fixed CVE-2025-39977 in the Linux kernel.

Fixed CVE-2025-39980 in the Linux kernel.

Fixed CVE-2025-39970 in the Linux kernel.

Fixed CVE-2025-39968 in the Linux kernel.

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Fixed KCTF-cd8ae32 in the Linux kernel.

Fixed CVE-2025-39969 in the Linux kernel.

Fixed CVE-2025-39972 in the Linux kernel.

Fixed CVE-2025-39971 in the Linux kernel.

Fixed CVE-2025-39975 in the Linux kernel.

Fixed CVE-2025-39998 in the Linux kernel.

Fixed CVE-2025-39961 in the Linux kernel.

Fixed KCTF-6bb73db in the Linux Kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811792 -> 811798

cos-121-18867-199-98

Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.

Fixed KCTF-134121b in the Linux kernel.

Fixed CVE-2025-39931 in the Linux kernel.

Updated toolbox container image tag to v20251002.

Runtime sysctl changes:

• Changed: fs.file-max: 811724 -> 811792

Fixed CVE-2025-41244 in app-emulation/open-vm-tools in anthos variant.

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

Upgraded app-admin/node-problem-detector to v0.8.22.

Fixed CVE-2025-39953 in the Linux kernel.

Fixed CVE-2025-39947 in the Linux kernel.

Added support for NVIDIA driver v580.95.05. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.

Upgraded sys-apps/hwdata to v0.399.

Fixed CVE-2025-23143 in the Linux kernel.

cos-121-18867-199-88

Fixed CVE-2025-50181 in dev-python/urllib3.

Fixed CVE-2025-39882 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811826 -> 811724

Fixed CVE-2025-39911 in the Linux kernel.

Fixed CVE-2025-39886 in the Linux kernel.

Fixed CVE-2025-39914 in the Linux kernel.

Fixed CVE-2025-22106 in the Linux kernel.

Fixed CVE-2025-39913 in the Linux kernel.

Add support for NVIDIA MFT Tools v4.33.0.

Fixed KCTF-1b34cbb in the Linux kernel.

cos-121-18867-199-80

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

Fixed KCTF-0aeb54a in the Linux Kernel.

Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.

Fixed CVE-2025-39881 in the Linux kernel.

Fixed CVE-2025-39883 in the Linux kernel.

Fixed CVE-2025-40300 in the Linux kernel.

cos-121-18867-199-73

Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714.

Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Updated cos-gpu-installer to v2.5.7.

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Runtime sysctl changes:

• Changed: fs.file-max: 811710 -> 811752

cos-121-18867-199-65

Updated the Linux kernel to v6.6.105.

Fixed CVE-2025-38528 in the Linux kernel.

Fixed CVE-2025-38639 in the Linux kernel.

Fixed CVE-2025-38588 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811710

Fixed CVE-2025-38645 in the Linux kernel.

Fixed CVE-2025-38349 in the Linux kernel.

Fixed CVE-2025-38608 in the Linux kernel.

Fixed CVE-2025-38572 in the Linux kernel.

Fixed CVE-2025-38550 in the Linux kernel.

Added support for NVIDIA MFT Tools on arm64.

Fixed CVE-2025-38568 in the Linux kernel.

Fixed CVE-2025-38563 in the Linux kernel.

Fixed CVE-2025-38622 in the Linux kernel.

Added GDRCopy kernel module for NVIDIA drivers.

Fixed CVE-2025-38539 in the Linux kernel.

Fixed CVE-2025-38640 in the Linux kernel.

Fixed CVE-2025-39782 in the Linux kernel.

cos-121-18867-199-56

Fixed CVE-2025-38351 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811774 -> 811788

Upgraded sys-apps/file to v5.46-r3.

cos-121-18867-199-52

Fixed KCTF-62708b9 in the Linux kernel.

Fixed KCTF-aba0c94 in the Linux kernel.

Fixed CVE-2025-6052 in dev-libs/glib.

Upgraded sys-apps/hwdata to v0.398.

Fixed KCTF-6db015f in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811774

cos-121-18867-199-43

Fixed KCTF-abad3d0 in the Linux kernel.

Added IPv6 support for machines using the IDPF driver.

Runtime sysctl changes:

• Changed: fs.file-max: 811736 -> 811817

Disabled DNSSEC by default for COS TPU VMs.

Added support for the Lustre 2.14.0_p216 drivers.

cos-121-18867-199-38

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.

Fixed KCTF-01d3c84 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811774 -> 811736

cos-121-18867-199-34

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811774

Fixed CVE-2025-38499 in the linux kernel.

cos-121-18867-199-28

Updated containerd to v2.0.6.

Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Upgraded net-nds/rpcbind to v1.2.7.

Upgraded virtual/logger to v0-r2.

Runtime sysctl changes:

• Changed: fs.file-max: 811826 -> 811817

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Upgraded app-containers/docker-credential-helpers to v0.9.3.

Upgraded app-admin/google-guest-configs to v20250516.00.

Updated app-containers/cni-plugins to 1.7.1.

Upgraded dev-lang/go to v1.23.9.

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Upgraded sys-libs/libcap to v2.76.

LTS Refresh from main-R121-cos-6.6 to release-R121-cos-6.6

Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.

Upgraded sys-apps/pv to v1.9.34.

Upgraded sys-libs/libseccomp to v2.6.0-r2.

LTS Refresh from main-R121 to release-R121

Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.

Upgraded dev-libs/expat to v2.7.1.

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Updated app-admin/node-problem-detector to 0.8.21.

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Updated dev-python/requests to v2.32.4.

Upgraded sys-process/procps to v4.0.5-r2.

Upgraded app-arch/unzip to v6.0_p29.

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

kubernetes 1.32.4-gke.200

Upgraded dev-db/sqlite to v3.50.1.

Upgraded app-arch/gzip to v1.14.

Fixed CVE-2025-8058 in glibc.

Fixed KCTF-bfebdb8 in the kernel.

Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.

cos-121-18867-199-19

This is an LTS Refresh release.

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Upgraded dev-libs/expat to v2.7.1.

Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.

Upgraded kubernetes to v1.32.4-gke.200.

Upgraded app-arch/gzip to v1.14.

Upgraded virtual/logger to v0-r2.

Upgraded sys-process/procps to v4.0.5-r2.

Upgraded dev-lang/go to v1.23.9.

Updated dev-python/requests to v2.32.4.

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Upgraded sys-libs/libseccomp to v2.6.0-r2.

Upgraded app-arch/unzip to v6.0_p29.

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Upgraded dev-db/sqlite to v3.50.1.

Upgraded sys-libs/libcap to v2.76.

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.

Runtime sysctl changes:

• Changed: fs.file-max: 811826 -> 811817

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Upgraded net-nds/rpcbind to v1.2.7.

Upgraded app-containers/docker-credential-helpers to v0.9.3.

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Upgraded app-admin/google-guest-configs to v20250516.00.

cos-121-18867-90-106

Upgraded sys-process/lsof to v4.99.5.

Fixed KCTF-5e28d5a in the Linux kernel.

Fixed CVE-2024-26130 in dev-python/cryptography.

Patched openssl to fix CVE-2023-50782 affecting dev-python/crytography.

Updated app-misc/jq to v1.8.1.

The NFS access cache is no longer cleared on login by default. To use the old behavior, load the NFS module with the nfs_fasc=1 module parameter.

Fixed a kernel bug which caused some NVME disk IO errors to be ignored, potentially resulting in dropped writes.

Runtime sysctl changes:

• Changed: fs.file-max: 811784 -> 811826

cos-121-18867-90-97

Added ARM support for the Lustre 2.14.0 drivers.

Fixed CVE-2024-6174 and CVE-2024-11584 in cloud-init.

Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.

Runtime sysctl changes:

• Changed: fs.file-max: 811807 -> 811784

Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number. Removed 575.57.08 NFB driver support for NVIDIA_GB200 machine.

Fixed KCTF-103406b in the Linux kernel.

cos-121-18867-90-85

Updated google-guest-agent to v20250701.01.

Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.

Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.

Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.

cos-121-18867-90-77

Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.

cos-121-18867-90-75

Added support for the Lustre 2.14.0_p212 drivers.

Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.

Upgraded sys-apps/less to v679.

Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.

Runtime sysctl changes:

• Changed: fs.file-max: 811798 -> 811807

Updated the Linux kernel to v6.6.93. This includes mitigations for CVE-2024-28956, which may negatively impact the performance of Intel machine types.

cos-121-18867-90-67

Fixed KCTF-d35acc1 in the Linux kernel.

Added a kernel patch to address bcache latency.

Runtime sysctl changes:

• Changed: fs.file-max: 811824 -> 811798

cos-121-18867-90-62

Runtime sysctl changes:

• Changed: fs.file-max: 811798 -> 811824

Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.

cos-121-18867-90-59

Fixed CVE-2025-47273 in dev-python/setuptools.

Added support for the Lustre 2.14.0_p198 drivers.

Updated systemd to v254.26. This resolves CVE-2025-4598.

Added support for Nvidia driver version 575.57.08.

Fixed CVE-2025-37800 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811741 -> 811798

Fixed CVE-2024-43840 in the Linux kernel.

Fixed KCTF-ac9fe7d in the kernel.

Fixed CVE-2025-37803 in the Linux kernel.

Updated cos-gpu-installer to v2.5.3.

cos-121-18867-90-38

Fixed KCTF-8478a72 in the Linux kernel.

Fixed CVE-2024-23337 in app-misc/jq.

Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.

Upgraded sys-apps/less to v678.

Fixed KCTF-3f98113 in the Linux kernel.

cos-121-18867-90-32

Support NVIDIA MFT Tools on COS.

Fixed CVE-2025-46836 in sys-apps/net-tools.

Inject IMEX channel char device for GB200 GPUs.

Fixed CVE-20250-3198 in sys-libs/bintuils-libs.

Runtime sysctl changes:

• Changed: fs.file-max: 811834 -> 811792

Fixed KCTF-b3bf8f6 in the Linux kernel.

cos-121-18867-90-27

Increased kdump memory reservation.

Fixed docker MTU mismatch.

cos-121-18867-90-23

Fixed KCTF-3df275e in the Linux kernel.

Upgraded app-admin/google-guest-configs to v20250501.00.

Updated apparmor to 3.1.6. This fixes CVE-2016-1585.

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811731

Added support for 7th generation TPU devices.

Fixed issue where modinfo could not display module signatures.

cos-121-18867-90-15

Upgraded sys-apps/grep to v3.12.

Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.

Runtime sysctl changes:

• Changed: fs.file-max: 811806 -> 811788

Fixed KCTF-342debc in the Linux kernel.

Updated NVIDIA GPU drivers to v535.247.01 for default/ R535 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.

Upgraded net-dns/libidn2 to v2.3.8.

Upgraded sys-apps/makedumpfile to v1.7.7.

cos-121-18867-90-4

This is an LTS Refresh Release.

Upgraded sys-libs/libseccomp to v2.6.0.

Fixed an issue in containerd that prevented some v2 shims from shutting down properly.

Upgraded app-admin/google-guest-agent to v20250304.03.

Upgraded app-containers/docker-registry-test to v2.8.3.

Upgraded sys-auth/pambase to v20250228.

Upgraded dev-libs/double-conversion to v3.3.1.

Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.

Upgraded dev-lang/go to v1.23.8.

Upgraded app-admin/google-guest-configs to v20250221.00.

Upgraded dev-db/sqlite to v3.49.1.

Fixed CVE-2025-32728 in net-misc/openssh.

Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349

Upgraded app-containers/docker-credential-helpers to v0.9.2.

Upgraded sys-apps/acl to v2.3.2-r2.

Runtime sysctl changes:

• Changed: fs.file-max: 811714 -> 811806

Upgraded app-admin/google-guest-configs to v20250124.00.

Fixed an issue in containerd that potentially breaks metric collection

cos-121-18867-0-104

Fixed CVE-2025-21908 in the Linux kernel.

Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.

Fixed CVE-2025-21991 in the Linux kernel.

Fixed CVE-2025-21962 in the Linux kernel.

Fixed CVE-2025-21980 in the Linux kernel.

Fixed CVE-2025-22005 in the Linux kernel.

Fixed CVE-2025-21922 in the Linux kernel.

Fixed CVE-2025-31498 in net-dns/c-ares.

Runtime sysctl changes:

• Changed: fs.file-max: 811714 -> 811816

Fixed CVE-2025-21919 in the Linux kernel.

Fixed CVE-2025-21963 in the Linux kernel.

Fixed CVE-2024-48615 in app-arch/libarchive.

Fixed CVE-2025-21964 in the Linux kernel.

Fixed CVE-2025-21920 in the Linux kernel.

Fixed CVE-2025-21997 in the Linux kernel.

Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.

Fixed CVE-2025-21959 in the Linux kernel.

Fixed CVE-2025-21898 in the Linux kernel.

cos-121-18867-0-94

Updated app-containers/containerd to v2.0.4.

Fixed CVE-2025-21812 in the Linux kernel.

Fixed CVE-2025-21853 in the Linux kernel.

Fixed CVE-2024-58070 in the Linux kernel.

Fixed CVE-2025-21726 in the Linux kernel.

Fixed CVE-2025-21887 in the Linux kernel.

Upgraded sys-apps/diffutils to v3.11-r2.

Fixed CVE-2025-21759 in the Linux kernel.

Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.

Fixed CVE-2025-21760 in the Linux kernel.

Fixed CVE-2024-57979 in the Linux kernel.

Fixed CVE-2025-21796 in the Linux kernel.

Fixed KCTF-0c3057a in the Linux kernel.

Fixed CVE-2025-21763 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811827 -> 811714

Fixed CVE-2025-21999 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2025-21867 in the Linux kernel.

Fixed CVE-2025-21727 in the Linux kernel.

Fixed CVE-2025-21764 in the Linux kernel.

Fixed EINTR error in app-container/cni-plugins.

Fixed CVE-2024-58083 in the Linux kernel.

Fixed CVE-2025-21762 in the Linux kernel.

cos-beta-121-18867-0-75

Updated dev-libs/expat to v2.7.0. This fixes CVE-2024-8176.

Runtime sysctl changes:

• Changed: fs.file-max: 811789 -> 811827

Fixed CVE-2024-57977 in the Linux kernel.

cos-beta-121-18867-0-73

Fixed CVE-2025-21779 in the Linux kernel.

Updated dev-python/s3transfer to v0.11.4.

Fixed KCTF-647cef2 in the Linux kernel.

Fixed CVE-2025-21854 in the Linux kernel.

Upgraded app-admin/node-problem-detector to v0.8.20.

Upgraded sys-apps/which to v2.23.

Fixed CVE-2024-57996 in the Linux kernel.

Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.

Updated dev-python/python-dateutil to v2.9.0.

Upgraded sys-apps/pv to v1.9.31.

Fixed CVE-2025-21785 in the Linux kernel.

Added support for the Lustre 2.14.0 client drivers.

Fixed CVE-2025-21716 in the Linux kernel.

Fixed CVE-2025-21863 in the Linux kernel.

Fixed a race condition that could cause a kernel panic.

Fixed an issue that resulted in missing grub boot measurements in some machine configurations.

Fixed CVE-2025-21858 in the Linux kernel.

Fixed CVE-2025-21844 in the Linux kernel.

Fixed CVE-2025-21846 in the Linux kernel.

Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.

Updated app-admin/awscli to v1.38.4.

Fixed CVE-2025-21864 in the Linux kernel.

Updated Python to v3.11.

Runtime sysctl changes:

• Changed: fs.file-max: 811701 -> 811789

Updated dev-python/botocore to v1.37.9.

Fixed CVE-2025-21791 in the Linux kernel.

Fixed CVE-2024-58088 in the Linux kernel.

Fixed CVE-2025-21857 in the Linux kernel.

Fixed CVE-2024-58005 in the Linux kernel.

cos-beta-121-18867-0-53

Fixed CVE-2024-58017 in the Linux kernel.

Fixed CVE-2024-56549 in the Linux kernel.

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811701
• Deleted: net.bridge.bridge-nf-call-arptables: 1
• Deleted: net.bridge.bridge-nf-call-ip6tables: 1
• Deleted: net.bridge.bridge-nf-call-iptables: 1
• Deleted: net.bridge.bridge-nf-filter-pppoe-tagged: 0
• Deleted: net.bridge.bridge-nf-filter-vlan-tagged: 0
• Deleted: net.bridge.bridge-nf-pass-vlan-input-dev: 0

Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.

Fixed KCTF-8802766 in the Linux kernel.

Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.

Applied Intel patches to add iRDMA support in the Linux kernel.

Fixed CVE-2024-50146 in the Linux kernel.

Fixed CVE-2024-49994 in the Linux kernel.

Fixed KCTF-638ba50 in the Linux kernel.

Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.

Fixed CVE-2025-21690 in the Linux kernel.

Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.

Fixed CVE-2025-21814 in the Linux kernel.

Fixed CVE-2024-50304 in the Linux kernel.

Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.

Fixed CVE-2025-21745 in the Linux kernel.

Fixed KCTF-fcdd224 in the Linux kernel.

Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.

Fixed CVE-2024-50017 in the Linux kernel.

Added support for iRDMA devices.

Upgraded sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.

Fixed CVE-2024-50014 in the Linux kernel.

Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.

Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.

Upgraded net-misc/socat to v1.8.0.3.

cos-beta-121-18867-0-24

Upgraded net-misc/openssh to v9.9_p1.

New Features and Changes in the Linux Kernel:

Removed dev-python/jaraco-context.

Upgraded app-admin/fluent-bit to v3.2.5-r1.

Upgraded app-containers/runc to v1.2.4-r1.

Updated sys-fs/xfsprogs to v6.9.0.

Updated net-libs/libtirpc to v1.3.6.

Updated dev-libs/expat to v2.6.4.

Updated sys-apps/gentoo-functions to v1.7.3.

Removed dev-python/zipp.

Updated net-libs/libnetfilter_conntrack to v1.1.0.

Upgraded app-containers/cri-tools to v1.31.1-r1.

Removed support for R550, R560, and R565 Nvidia drivers.

Upgraded app-containers/containerd to v2.0.2-r1.

Updated chromeos-base/crash-reporter to v0.0.1-r4257.

Removed dev-python/wheel.

Removed dev-python/trove-classifiers.

Updated chromeos-base/minijail to v18-r158.

Upgraded app-admin/google-guest-agent to v20250204.02-r1.

Updated dev-libs/nss to v3.107.

Updated chromeos-base/update_engine to v0.0.3-r4806.

Added support for nftables flow offload and the flowtable infrastructure.

Removed dev-python/autocommand.

New Features and Changes in the Image:

Updated chromeos-base/chromeos-common-script to v0.0.1-r656.

Removed dev-go/protobuf.

Upgraded app-containers/docker to v25.0.7.

Removed dev-python/webcolors.

Removed dev-go/appengine.

Removed dev-python/zope-interface.

Removed dev-python/jaraco-text.

Removed dev-python/setuptools.

Upgraded app-admin/google-osconfig-agent to v20250121.00-r1.

Updated dev-db/sqlite to v3.47.2.

Removed chromeos-base/chromeos-ec-headers.

Removed dev-python/importlib_resources.

Updated chromeos-base/power_manager-client to v0.0.1-r2960.

Updated chromeos-base/session_manager-client to v0.0.1-r2816.

Removed dev-python/ordered-set.

Removed dev-go/protobuf-legacy-api.

Removed dev-python/typing-extensions.

Updated sys-libs/libcap to v2.71.

Updated chromeos-base/update_engine-client to v0.0.1-r2469.

Removed dev-python/tomli.

Removed dev-python/setuptools_scm.

Updated app-admin/extensions-manager to v0.0.1-r58.

Removed virtual/libusb.

Removed dev-python/pydantic.

Updates to Major Packages:

Removed the capability to change the kernel's preemption model on the kernel command line.

Removed sys-libs/libselinux.

Updates to Minor Packages:

Removed dev-libs/libusb.

Updated sys-libs/libseccomp to v2.5.5-r2.

Upgraded app-emulation/cloud-init to v24.4.1-r1.

Upgraded app-containers/cni-plugins to v1.6.2-r1.

Removed dev-python/platformdirs.

Removed chromeos-base/libec.

Updated net-dns/c-ares to v1.34.4.

Updated chromeos-base/debugd-client to v0.0.1-r2725.

Removed sys-libs/libsepol.

Updated sys-apps/diffutils to v3.11.

Updated sys-apps/pv to v1.9.27.

Updated app-admin/sudo to v1.9.16_p2-r1.

Updated sys-apps/flashrom to v0.9.9-r1626.

Upgraded app-admin/oslogin to 20241216.00-r1.

Updated dev-go/oauth2 to v0.23.0-r1.

Removed dev-python/jaraco-functools.

Removed dev-python/more-itertools.

Updated dev-python/chardet to v3.0.4-r2.

Removed chromeos-base/dlcservice-client.

Updated chromeos-base/shill-client to v0.0.1-r4812.

Removed dev-libs/confuse.

Removed dev-python/inflect.

Updated net-firewall/iptables to v1.8.10-r3.

Updated net-misc/curl to v8.11.1-r2.

Removed sys-libs/gdbm.

Removed dev-embedded/libftdi.