cos-121-18867-381-45

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Fixed

Updated cos-gpu-installer to v2.6.1.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Change

Added support for the Lustre 2.14.0_p249 drivers.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Security

Fixed CVE-2025-69648 in binutils-libs.

cos-121-18867-381-35

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

cos-121-18867-381-30

Security

Fixed CVE-2026-23100 in the Linux kernel.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

cos-121-18867-381-24

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Security

Fixed CVE-2025-58187 in dev-lang/go.

cos-121-18867-381-14

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Change

Added support for the Lustre 2.14.0_p246 drivers.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

cos-121-18867-381-1

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Fixed

Upgraded sys-apps/less to v692.

cos-121-18867-294-134

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2024-57994 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

cos-121-18867-294-116

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2024-57982 in the Linux kernel.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

cos-121-18867-294-112

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Feature

Enabled TC Traffic Police as a module.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed CVE-2025-71148 in the Linux kernel.

cos-121-18867-294-100

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

cos-121-18867-294-88

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Change

Updated dev-libs/openssl to v3.0.18.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Applied urllib3 patch for CVE-2024-37891.

cos-121-18867-294-78

Change

Runtime sysctl changes:

• Changed: net.ipv4.tcp_mem: 94044 125392 188088 -> 94041 125391 188082
• Changed: net.ipv4.udp_mem: 188088 250784 376176 -> 188085 250783 376170

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

cos-121-18867-294-76

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811762 -> 811813
• Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94044 125392 188088
• Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188088 250784 376176

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

cos-121-18867-294-68

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Fixed

Backported upstream commit to reduce bcache gc latency.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811762

cos-121-18867-294-66

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Updated app-containers/containerd and app-containers/containerd-test to v2.0.7. This resolves CVE-2024-25621 and CVE-2025-64329.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811799 -> 811817

Security

Fixed CVE-2025-40220 in the Linux kernel.

cos-121-18867-294-60

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811755 -> 811799

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Feature

Applied critical tx timeout patch series to fix idpf bug.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-21868 in the Linux kernel.

cos-121-18867-294-42

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811812 -> 811755

Fixed

Made the google-guest-agent more resilient to network link flakes.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

cos-121-18867-294-38

Security

Fixed CVE-2025-40167 in the Linux kernel.

Fixed

Set the default NVIDIA driver version to v535.274.02 for GPU types which previously had a default major version of 535. This includes NVIDIA_TESLA_V100, NVIDIA_TESLA_A100, NVIDIA_A100_80GB, NVIDIA_H100_80GB, NVIDIA_TESLA_P100, NVIDIA_L4, NVIDIA_TESLA_P4 and NVIDIA_TESLA_T4 GPU types.

Fixed

Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.

Security

Fixed CVE-2025-40173 in the Linux kernel.

Feature

Enabled KVM for COS ARM64.

Security

Fixed KCTF-60e6489 in the Linux Kernel.

Security

Fixed CVE-2025-40196 in the Linux kernel.

Security

Fixed CVE-2025-40198 in the Linux kernel.

Security

Fixed CVE-2025-40176 in the Linux kernel.

Security

Fixed KCTF-b441cf3 in the Linux kernel.

cos-121-18867-294-25

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811813 -> 811764

Change

Updated app-containers/runc to v1.2.8.

Fixed

Backported an upstream commit to fix high CPU usage when trying to find suitable blocks in ext4 fs.

Feature

Added support for the Lustre 2.14.0_p224 drivers.

cos-121-18867-294-17

Security

Fixed CVE-2025-40078 in the Linux kernel.

Fixed

Upgraded sys-apps/pv to v1.9.44.

Fixed

Fixed a race condition where unmounting file systems monitored by inotify or fanotify could result in kernel crash.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.8.

Security

Fixed CVE-2025-40083 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811792 -> 811813

cos-121-18867-294-12

Security

Fixed CVE-2025-40040 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811785 -> 811792

Security

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Fixed

Fixed bcache latency spikes.

Security

Fixed CVE-2025-40103 in the Linux kernel.

Security

Fixed CVE-2025-40099 in the Linux kernel.

Security

Fixed CVE-2025-40105 in the Linux kernel.

cos-121-18867-294-8

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811835 -> 811785

Security

Fixed CVE-2025-11413,11414 in binutils-libs.

Fixed

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Security

Fixed CVE-2025-38073 in the Linux kernel.

cos-121-18867-294-2

Announcement

Change

Updated app-containers/runc to v1.2.7.

Fixed

Upgraded sys-apps/hwdata to v0.400.

Fixed

Upgraded sys-auth/pambase to v20250906.

Security

Fixed CVE-2025-11412 in binutils-libs.

Security

Fixed CVE-2025-11494 in binutils-libs.

Fixed

Upgraded app-admin/google-guest-configs to v20250805.00.

Fixed

Upgraded sys-apps/pv to v1.9.42.

Fixed

Upgraded app-admin/sudo to v1.9.17_p2.

Security

Fixed CVE-2025-11495 in binutils-libs.

Fixed

Upgraded dev-lang/go to v1.23.12.

Fixed

Reduced gcr_wait_online retry gap.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Fixed

Upgraded sys-apps/less to v685.

Fixed

Upgraded dev-db/sqlite to v3.50.3.

cos-121-18867-199-105

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811792 -> 811798

Security

Fixed KCTF-6bb73db in the Linux Kernel.

Security

Fixed CVE-2025-39961 in the Linux kernel.

Security

Fixed CVE-2025-39998 in the Linux kernel.

Security

Fixed CVE-2025-39975 in the Linux kernel.

Security

Fixed CVE-2025-39971 in the Linux kernel.

Security

Fixed CVE-2025-39972 in the Linux kernel.

Security

Fixed CVE-2025-39969 in the Linux kernel.

Security

Fixed KCTF-cd8ae32 in the Linux kernel.

Fixed

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Security

Fixed CVE-2025-39968 in the Linux kernel.

Security

Fixed CVE-2025-39970 in the Linux kernel.

Security

Fixed CVE-2025-39980 in the Linux kernel.

Security

Fixed CVE-2025-39977 in the Linux kernel.

Fixed

Added task information collection to sosreports.

cos-121-18867-199-98

Security

Fixed CVE-2025-23143 in the Linux kernel.

Fixed

Upgraded sys-apps/hwdata to v0.399.

Feature

Added support for NVIDIA driver v580.95.05. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.

Security

Fixed CVE-2025-39947 in the Linux kernel.

Security

Fixed CVE-2025-39953 in the Linux kernel.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.22.

Security

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

Security

Fixed CVE-2025-41244 in app-emulation/open-vm-tools in anthos variant.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811724 -> 811792

Fixed

Updated toolbox container image tag to v20251002.

Security

Fixed CVE-2025-39931 in the Linux kernel.

Security

Fixed KCTF-134121b in the Linux kernel.

Fixed

Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.

cos-121-18867-199-88

Security

Fixed KCTF-1b34cbb in the Linux kernel.

Fixed

Add support for NVIDIA MFT Tools v4.33.0.

Security

Fixed CVE-2025-39913 in the Linux kernel.

Security

Fixed CVE-2025-22106 in the Linux kernel.

Security

Fixed CVE-2025-39914 in the Linux kernel.

Security

Fixed CVE-2025-39886 in the Linux kernel.

Security

Fixed CVE-2025-39911 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811826 -> 811724

Security

Fixed CVE-2025-39882 in the Linux kernel.

Security

Fixed CVE-2025-50181 in dev-python/urllib3.

cos-121-18867-199-80

Security

Fixed CVE-2025-40300 in the Linux kernel.

Security

Fixed CVE-2025-39883 in the Linux kernel.

Security

Fixed CVE-2025-39881 in the Linux kernel.

Fixed

Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.

Security

Fixed KCTF-0aeb54a in the Linux Kernel.

Security

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

cos-121-18867-199-73

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811710 -> 811752

Change

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Change

Updated cos-gpu-installer to v2.5.7.

Fixed

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Fixed

Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.

Security

Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714.

cos-121-18867-199-65

Security

Fixed CVE-2025-39782 in the Linux kernel.

Security

Fixed CVE-2025-38640 in the Linux kernel.

Security

Fixed CVE-2025-38539 in the Linux kernel.

Feature

Added GDRCopy kernel module for NVIDIA drivers.

Security

Fixed CVE-2025-38622 in the Linux kernel.

Security

Fixed CVE-2025-38563 in the Linux kernel.

Security

Fixed CVE-2025-38568 in the Linux kernel.

Feature

Added support for NVIDIA MFT Tools on arm64.

Security

Fixed CVE-2025-38550 in the Linux kernel.

Security

Fixed CVE-2025-38572 in the Linux kernel.

Security

Fixed CVE-2025-38608 in the Linux kernel.

Security

Fixed CVE-2025-38349 in the Linux kernel.

Security

Fixed CVE-2025-38645 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811710

Security

Fixed CVE-2025-38588 in the Linux kernel.

Security

Fixed CVE-2025-38639 in the Linux kernel.

Security

Fixed CVE-2025-38528 in the Linux kernel.

Fixed

Updated the Linux kernel to v6.6.105.

cos-121-18867-199-56

Fixed

Upgraded sys-apps/file to v5.46-r3.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811774 -> 811788

Security

Fixed CVE-2025-38351 in the Linux kernel.