cos-117-18613-534-62

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

cos-117-18613-534-53

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23351 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

cos-117-18613-534-48

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

cos-117-18613-534-44

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

cos-117-18613-534-36

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38162 in the Linux kernel.

cos-117-18613-534-35

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3 and gdbus-codegen to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

cos-117-18613-534-24

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed KCTF-e3f000f in the Linux kernel.

cos-117-18613-534-15

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23209 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

cos-117-18613-534-2

Announcement

This is an LTS Refresh release.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded sys-libs/libcap to v2.77.

Security

Fixed CVE-2025-22121 in the Linux kernel.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23025 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23054 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

cos-117-18613-439-120

Security

Fixed CVE-2025-71148 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

cos-117-18613-439-108

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2024-57982 in the Linux kernel.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68803 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

cos-117-18613-439-92

Security

Applied urllib3 patch for CVE-2024-37891.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

cos-117-18613-439-82

Fixed

Added bcache clock cache replacement policy.

cos-117-18613-439-81

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811737 -> 811699

cos-117-18613-439-72

Fixed

Backported upstream commit to reduce bcache gc latency.

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811769 -> 811737

cos-117-18613-439-70

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Updated app-containers/containerd and app-containers/containerd-test to v1.7.29. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811701 -> 811769

cos-117-18613-439-65

Feature

Added patches to handle IDPF tx timeouts.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-21868 in the Linux kernel.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40104 in the Linux kernel.

Security

Fixed CVE-2025-40220 in the Linux kernel.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811701

cos-117-18613-439-49

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811751 -> 811788

cos-117-18613-439-45

Fixed

Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.

Fixed

Set the default NVIDIA driver version to v535.274.02 for GPU types which previously had a default major version of 535. This includes NVIDIA_TESLA_V100, NVIDIA_TESLA_A100, NVIDIA_A100_80GB, NVIDIA_H100_80GB, NVIDIA_TESLA_P100, NVIDIA_L4, NVIDIA_TESLA_P4 and NVIDIA_TESLA_T4 GPU types.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.8.

Security

Fixed CVE-2025-40123 in the Linux kernel.

Security

Fixed CVE-2025-40125 in the Linux kernel.

Security

Fixed CVE-2025-40129 in the Linux kernel.

Security

Fixed CVE-2025-40153 in the Linux kernel.

Security

Fixed CVE-2025-40160 in the Linux kernel.

Security

Fixed CVE-2025-40167 in the Linux kernel.

Security

Fixed CVE-2025-40169 in the Linux kernel.

Security

Fixed CVE-2025-40173 in the Linux kernel.

Security

Fixed CVE-2025-40176 in the Linux kernel.

Security

Fixed CVE-2025-40178 in the Linux kernel.

Security

Fixed CVE-2025-40179 in the Linux kernel.

Security

Fixed CVE-2025-40183 in the Linux kernel.

Security

Fixed CVE-2025-40186 in the Linux kernel.

Security

Fixed CVE-2025-40190 in the Linux kernel.

Security

Fixed CVE-2025-40194 in the Linux kernel.

Security

Fixed CVE-2025-40196 in the Linux kernel.

Security

Fixed CVE-2025-40198 in the Linux kernel.

Security

Fixed CVE-2025-40200 in the Linux kernel.

Security

Fixed CVE-2025-40201 in the Linux kernel.

Security

Fixed CVE-2025-40206 in the Linux kernel.

Security

Fixed KCTF-60e6489 in the Linux Kernel.

Security

Fixed KCTF-b441cf3 in the Linux kernel.

cos-117-18613-439-28

Change

Updated app-containers/runc to v1.2.8.

Feature

Added support for the Lustre 2.14.0_p224 drivers.

Fixed

Backported an upstream commit to fix high CPU usage when trying to find suitable blocks in ext4 fs.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811751 -> 811818

cos-117-18613-439-22

Security

Fixed CVE-2025-40042 in the Linux kernel.

Fixed

Fixed a race condition where unmounting file systems monitored by inotify or fanotify could result in kernel crash.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811733 -> 811751

Security

Fixed CVE-2025-40083 in the Linux kernel.

cos-117-18613-439-16

Security

Fixed CVE-2025-40044 in the Linux kernel.

Security

Fixed CVE-2025-40040 in the Linux kernel.

Security

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Security

Fixed CVE-2025-40035 in the Linux kernel.

Fixed

Fixed bcache latency spikes.

Security

Fixed CVE-2025-40103 in the Linux kernel.

Security

Fixed CVE-2025-40099 in the Linux kernel.

Security

Fixed CVE-2025-40049 in the Linux kernel.

Security

Fixed CVE-2025-40052 in the Linux kernel.

Security

Fixed CVE-2025-40105 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811728 -> 811733

cos-117-18613-439-12

Security

Fixed CVE-2025-40070 in the Linux kernel.

Security

Fixed CVE-2025-40038 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811785 -> 811728

Security

Fixed CVE-2025-40078 in the Linux kernel.

Security

Fixed CVE-2025-38073 in the Linux kernel.

cos-117-18613-439-9

Change

Updated app-containers/runc to v1.2.7.

Fixed

Upgraded sys-apps/hwdata to v0.400.

Security

Fixed CVE-2025-11412 in binutils-libs.

Security

Fixed CVE-2025-11494 in binutils-libs.

Fixed

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Security

Fixed CVE-2025-11495 in binutils-libs.

Fixed

Upgraded sys-apps/less to v685.

Security

Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.

cos-117-18613-439-2

Announcement

This is an LTS Refresh release.

Fixed

Upgraded dev-db/sqlite to v3.50.3.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Security

Fixed KCTF-6bb73db in the Linux Kernel.

Fixed

Upgraded app-admin/google-guest-configs to v20250805.00.

Security

Fixed CVE-2025-39961 in the Linux kernel.

Fixed

Reduced gcr_wait_online retry gap.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811830 -> 811764

Security

Fixed KCTF-cd8ae32 in the Linux kernel.

Fixed

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Fixed

Upgraded app-admin/sudo to v1.9.17_p2.

Security

Fixed CVE-2025-41244 in app-emulation/open-vm-tools.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Added task information collection to sosreports.

Fixed

Upgraded dev-lang/go to v1.23.12.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

cos-117-18613-339-97

Security

Fixed CVE-2025-23143 in the Linux kernel.

Feature

Added support for NVIDIA driver v580.95.05. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.

Security

Fixed CVE-2025-39947 in the Linux kernel.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.22.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811755 -> 811830

Security

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

cos-117-18613-339-89

Security

Fixed KCTF-134121b in the Linux kernel.

Fixed

Upgraded sys-apps/hwdata to v0.399.

Security

Fixed CVE-2025-39931 in the Linux kernel.

Fixed

Partially fixed the system not responding caused by excessive contention among writeback kworkers when switching a large number of inodes between cgroups.

Security

Fixed CVE-2025-39953 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811755

Fixed

Updated toolbox container image tag to v20251002.

cos-117-18613-339-84

Security

Fixed KCTF-1b34cbb in the Linux kernel.

Fixed

Add support for NVIDIA MFT Tools v4.33.0.

Security

Fixed CVE-2025-39913 in the Linux kernel.

Security

Fixed CVE-2025-22106 in the Linux kernel.

Security

Fixed CVE-2025-39914 in the Linux kernel.

Security

Fixed CVE-2025-39886 in the Linux kernel.

Security

Fixed CVE-2025-39911 in the Linux kernel.

Security

Fixed CVE-2025-39882 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811788

Security

Fixed CVE-2025-50181 in dev-python/urllib3.

cos-117-18613-339-77

Security

Fixed CVE-2025-40300 in the Linux kernel.

Security

Fixed CVE-2025-39883 in the Linux kernel.

Security

Fixed CVE-2025-39881 in the Linux kernel.

Security

Fixed KCTF-0aeb54a in the Linux Kernel.

Security

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

Fixed

Updated golang.org/x/crypto, golang.org/x/net, golang.org/x/oauth2, and github.com/golang-jwt/jwt/v4 in Docker.

cos-117-18613-339-70

Fixed

Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.

Change

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Fixed

Updated golang.org/x/crypto in google-osconfig-agent to v0.31.0.

Change

Updated cos-gpu-installer to v2.5.7.

Fixed

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Fixed

Updated the Linux kernel to v6.6.105.

Security

Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811774 -> 811794