| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.55 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
Fixed a bug in cos-extensions which would cause GB200 and GB300 devices not to be detected in one code path, which would result in Imex channels not being created by default.
Fixed a TCPX bug which would sometimes incorrectly report devices as being missing when route cache entries were missing or invalidated.
Updated the Linux kernel to v6.12.55.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.54 | v27.5.1 | v2.1.3 | See List |
Added GB300 support to cos-extensions.
Added support for NVIDIA driver v535.274.02 and v570.195.03.
Updated cos-gpu-installer to v2.5.9. This adds support for installing drivers for GB 300 devices.
Upgraded sys-apps/less to v685.
Upgraded sys-apps/pv to v1.9.44.
Updated the Linux kernel to v6.12.54.
Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.
Upgraded chromeos-base/google-breakpad to v2025.10.16.221019-r255.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.53 | v27.5.1 | v2.1.3 | See List |
Fixed CVE-2025-11495 in binutils-libs.
Updated app-containers/runc to v1.2.7.
Fixed CVE-2025-11494 in binutils-libs.
Upgraded sys-auth/pambase to v20251013.
Upgraded app-admin/google-guest-configs to v20251014.00.
Upgraded sys-apps/pv to v1.9.42.
Updated cos-gpu-installer to v2.5.8.
Fixed CVE-2025-11412 in binutils-libs.
Added support for NVIDIA GB300 devices.
Upgraded sys-apps/hwdata to v0.400.
Added support for A4X-Max NICs.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.53 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
Updated the Linux kernel to v6.12.53.
Updated the dump capture kernel to v6.12.52.
Fixed KCTF-6bb73db in the Linux Kernel.
Reduced gcr_wait_online retry gap.
Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.50 | v27.5.1 | v2.1.3 | See List |
Runtime sysctl changes:
Upgraded sys-apps/hwdata to v0.399.
Added support for NVIDIA driver v580.95.05. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.95.05.
Updated the Linux kernel to v6.12.50.
Upgraded app-containers/docker-credential-helpers to v0.9.4.
Upgraded net-libs/libtirpc to v1.3.7.
Updated sys-apps/coreutils to v9.5. This resolves CVE-2024-0684.
Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.
Upgraded dev-libs/expat to v2.7.3.
Updated toolbox container image tag to v20251002.
Upgraded chromeos-base/google-breakpad to v2025.10.06.205107-r254.
Updated dev-python/urllib3 to v2.5.0. This resolves CVE-2025-50181.
Fixed KCTF-134121b in the Linux kernel.
Upgraded open-vm-tools to 13.0.5. This fixes CVE-2025-41244 in anthos variant.
Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.49 | v27.5.1 | v2.1.3 | See List |
Add support for NVIDIA MFT Tools v4.33.0.
Runtime sysctl changes:
Configured the cos-gpu-installer to use R580 drivers as the default GPU drivers.
Updated the Linux kernel to v6.12.49.
Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.48 | v27.5.1 | v2.1.3 | See List |
Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.
Added CPU balloon support for ARM CPUs.
Added support for the fwctl subsystem and the Mellanox fwctl driver for ARM64.
Upgraded dev-libs/expat to v2.7.2.
Updated the Linux kernel to v6.12.48.
Upgraded app-admin/google-guest-configs to v20250913.00.
Upgraded sys-auth/pambase to v20250906.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.47 | v27.5.1 | v2.1.3 | See List |
Added support for NVIDIA driver v580.82.07. Updated all latest driver version and default driver versions for NVIDIA_GB200 and NVIDIA_B200 to v580.82.07.
Updated the Linux kernel to v6.12.47.
Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.
Updated cos-gpu-installer to v2.5.7.
Upgraded dev-libs/libxslt to version 1.1.43-r1.
Runtime sysctl changes:
Upgraded dev-libs/libxml2 to version 2.13.9. This fixes CVE-2025-9714, CVE-2025-32415 and CVE-2025-32414.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.46 | v27.5.1 | v2.1.3 | See List |
Fixed a kernel bug which caused boot to fail for n4 machine types.
Added GDRCopy kernel module for NVIDIA drivers.
Updated the Linux kernel to v6.12.46.
Added support for NVIDIA MFT Tools on arm64.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.43 | v27.5.1 | v2.1.3 | See List |
Enabled dynamic vlan configuration for non-primary NICs.
Added kernel support for bare-metal on the NVIDIA Grace platform.
Fixed an issue where cpusets cgroups did not work with cgroup v1 enabled.
Added iRDMA support in the Linux kernel.
Upgraded sys-auth/pambase to v20250826.
Upgraded sys-apps/file to v5.46-r3.
Fixed CVE-2025-6052 in dev-libs/glib.
Updated the Linux kernel to v6.12.43.
Upgraded sys-apps/hwdata to v0.398.
Disabled DNSSEC by default for COS TPU VMs.
Installed app-misc/c_rehash.
Added TDX RTMR support.
Runtime sysctl changes:
Upgraded chromeos-base/google-breakpad to v2025.08.18.161925-r245.
Upgraded app-admin/google-guest-configs to v20250818.00.
Added IPv6 support for machines using the IDPF driver.
Upgraded app-admin/google-guest-configs to v20250826.00.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.42 | v27.5.1 | v2.1.3 | See List |
Added support for the Lustre 2.14.0_p216 drivers.
Runtime sysctl changes:
Fixed KCTF-abad3d0 in the Linux kernel.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.41 | v27.5.1 | v2.1.3 | See List |
Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.
Upgraded net-nds/rpcbind to v1.2.8.
Enabled the google-guest-agent's network management functionality.
Upgraded sys-apps/gentoo-functions to v1.7.4.
Upgraded dev-lang/go to v1.23.12.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r668.
Fixed KCTF-01d3c84 in the Linux kernel.
Upgraded app-admin/google-guest-configs to v20250807.00.
Added ConnectX-8 RDMA support.
Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.
Upgraded dev-db/sqlite to v3.50.4.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.41 | v27.5.1 | v2.1.3 | See List |
Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.
Fixed CVE-2025-8058 in glibc.
Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.
Runtime sysctl changes:
Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.
Upgraded dev-libs/openssl to 3.5.1.
Upgraded chromeos-base/google-breakpad to v2025.07.23.214511-r244.
Upgraded net-misc/openssh to 10.0_p1.
Upgraded app-admin/sudo to v1.9.17_p2.
Updated dev-python/requests to v2.32.4.
Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.
Updated app-admin/node-problem-detector to 0.8.21.
Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.
Upgraded dev-lang/go to v1.23.11.
Upgraded app-admin/google-guest-configs to v20250718.00.
Upgraded sys-apps/pv to v1.9.34.
Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.
Upgraded dev-db/sqlite to v3.50.3.
Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.
Updated containerd to v2.1.3.
Updated app-containers/cni-plugins to 1.7.1.
Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.
Upgraded virtual/logger to v0-r2.
Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.
Enabled the Btrfs kernel module.
Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.
Upgraded chromeos-base/minijail to v18-r168.
Upgraded sys-process/lsof to v4.99.5.
Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.
Added NVIDIA GPU driver's R580 branch. Updated the LATEST GPU driver label to version 580.65.06.
Upgraded chromeos-base/shill-client to v0.0.1-r4879.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.37 | v27.5.1 | v2.0.4 | See List |
Upgraded sqlite to v3.50.2. This resolves CVE-2025-6965.
The NFS access cache is no longer cleared on login by default. To use the old behavior, load the NFS module with the nfs_fasc=1 module parameter.
Runtime sysctl changes:
Updated app-misc/jq to v1.8.1.
Fixed CVE-2024-26130 in dev-python/cryptography.
Patched openssl to fix CVE-2023-50782 affecting dev-python/crytography.
Fixed KCTF-5e28d5a in the Linux kernel.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.12.37 | v27.5.1 | v2.0.4 | See List |
Upgraded uhaul to version 6.12-0.
Updated the NVIDIA GPU driver policy for New Feature Branch (NFB) drivers. The LATEST tag has been updated to point to the stable 570.133.20 Production Branch. The 575.57.08 NFB driver remains available for development and testing but must now be selected by its specific version number.Removed 575.57.08 NFB driver support for NVIDIA_GB200 machine.
Updated app-editors/nano to v8.5. This resolves CVE-2024-5742.
Upgraded vim, vim-core to version 9.1.1500. This fixes CVE-2025-26603, CVE-2025-27423, CVE-2025-29768, CVE-2025-1215, CVE-2025-24014, CVE-2025-22134.
Remove support for the v2.14.0_p184 and v2.14.0_p198 Lustre client drivers.
Upgraded app-admin/google-guest-configs to v20250627.00.
Added ARM support for the Lustre 2.14.0 drivers.
Fixed an issue where some workloads could cause a full system hang when running close to their memory limit.
Updated the Linux kernel to v6.12.37.
Upgraded nvidia-container-toolkit to v1.17.8. This fixes CVE-2025-23266.
Upgraded chromeos-base/shill-client to v0.0.1-r4875.
Fixed CVE-2024-6174 and CVE-2024-11584 in cloud-init.
Upgraded chromeos-base/google-breakpad to v2025.07.01.161305-r243.
Runtime sysctl changes:
Updated cos-gpu-installer to v2.5.5.
Upgraded sysram to version 6.12-0.
Upgraded app-admin/sudo to v1.9.17_p1. This resolves CVE-2025-32462 and CVE-2025-32463.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.94 | v27.5.1 | v2.0.4 | See List |
Upgraded chromeos-base/google-breakpad to v2025.06.12.121629-r242.
Upgrade libarchive to version 3.8.1. This fixes CVE-2025-5914.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r667.
Upgraded chromeos-base/shill-client to v0.0.1-r4871.
Updated nvidia-container-toolkit to v1.17.7.
Upgraded sys-apps/less to v679.
Upgraded chromeos-base/shill-client to v0.0.1-r4872.
Upgraded dev-db/sqlite to v3.50.1.
Upgraded sys-apps/ethtool to version 6.11.
Upgraded sys-process/procps to v4.0.5-r2.
Upgraded dev-lang/go to v1.23.10.
Runtime sysctl changes:
Added support for the Lustre 2.14.0_p212 drivers.
Upgraded app-admin/google-guest-configs to v20250605.00.
Upgraded sys-libs/libcap to v2.76.
drop marvell-pcie-ep-octeon driver
Upgraded app-admin/sudo to v1.9.17.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.94 | v27.5.1 | v2.0.4 | See List |
Added NVIDIA 570.133.20 vGPU driver.
Updated the Linux kernel to v6.6.94.
Runtime sysctl changes:
Upgraded elfutils to version 0.193. This fixes CVE-2025-1365, CVE-2025-1371, CVE-2025-1372, and CVE-2025-1377.
Added a kernel patch to address bcache latency.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.93 | v27.5.1 | v2.0.4 | See List |
Upgraded app-misc/jq to v1.8.0. This fixes CVE-2025-48060.
Upgraded dpdk-kmods to 9b182be2ee4b
Runtime sysctl changes:
Updated the Linux kernel to v6.6.93.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.92 | v27.5.1 | v2.0.4 | See List |
Updated cos-gpu-installer to v2.5.3.
Runtime sysctl changes:
Fixed KCTF-ac9fe7d in the kernel.
Added support for Nvidia driver version 575.57.08.
Upgraded chromeos-base/shill-client to v0.0.1-r4869.
Updated systemd to v254.26. This resolves CVE-2025-4598.
Added support for the Lustre 2.14.0_p198 drivers.
Upgraded dev-db/sqlite to v3.50.0.
Fixed CVE-2025-47273 in dev-python/setuptools.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.92 | v27.5.1 | v2.0.4 | See List |
Fixed KCTF-3f98113 in the Linux kernel.
Upgraded app-admin/google-guest-configs to v20250516.00.
Upgraded sys-apps/less to v678.
Upgraded sys-apps/rootdev to v0.0.1-r51.
Upgraded sys-apps/dbus to v1.16.2-r197.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2969.
Upgraded dev-lang/go to v1.23.9.
Upgraded chromeos-base/google-breakpad to v2025.05.22.184901-r240.
Updated the Linux kernel to v6.6.92.
Runtime sysctl changes:
Fixed CVE-2025-46836 in sys-apps/net-tools
Injected IMEX channel char device for GB200 GPUs.
Updated cos-gpu-installer to v2.5.2: Added support for OTHER/NO_GPU cases to enable GPU driver preloading on the ARM64 architecture and added support for IMEX Driver configuration installation for NVIDIA_GB200 machine.
Upgraded net-misc/curl to version 8.12.1. This fixes CVE-2025-0167.
Fixed CVE-2024-23337 in app-misc/jq.
Upgraded chromeos-base/debugd-client to v0.0.1-r2734.
Fixed docker MTU mismatch.
Supported NVIDIA MFT Tools.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r665.
Fixed CVE-20250-3198 in sys-libs/bintuils-libs.
Upgraded chromeos-base/shill-client to v0.0.1-r4866.
Upgraded google-guest-agent to 20250327.00. This included
new services like google-guest-compat-manager.service and
google-guest-agent-manager.service and new binaries like
google_guest_compat_manager, gce_metadata_script_runner,
google_guest_agent_manager, ggactl_plugin_cleanup and
gce_compat_metadata_script_runner.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2830.
Upgraded dev-db/sqlite to v3.49.2.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.89 | v27.5.1 | v2.0.4 | See List |
Updated the Linux kernel to v6.6.89.
Fixed issue where modinfo could not display module signatures.
Added support for 7th generation TPU devices.
Runtime sysctl changes:
Updated apparmor to 3.1.6. This fixes CVE-2016-1585.
Upgraded app-admin/google-guest-configs to v20250501.00.
Increased kdump memory reservation.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.88 | v27.5.1 | v2.0.4 | See List |
Upgraded sys-apps/makedumpfile to v1.7.7.
Upgraded app-arch/gzip to v1.14.
Upgraded chromeos-base/shill-client to v0.0.1-r4853.
Upgraded chromeos-base/debugd-client to v0.0.1-r2733.
Upgraded chromeos-base/minijail to v18-r167.
Upgraded net-dns/libidn2 to v2.3.8.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2480.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2829.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2968.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r664.
Updated NVIDIA GPU drivers to v535.247.01 for default/ R535 and v570.133.20 for latest/R570. This resolves CVE-2025-23244.
Upgraded chromeos-base/google-breakpad to v2025.04.09.155244-r236.
Updated the Linux kernel to v6.6.88.
Upgraded app-benchmarks/microbenchmarks to v0.0.1-r20.
Fixed CVE-2025-32414, CVE-2025-32415 in dev-libs/libxml2.
Upgraded app-admin/google-guest-agent to v20250418.00.
Upgraded sys-apps/grep to v3.12.
Upgraded app-admin/google-guest-configs to v20250409.00.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Fixed an issue in containerd that potentially breaks metric collection
Fixed CVE-2025-31498 in net-dns/c-ares.
Patched a null ptr exception bug in NVIDIA 570.124.06 OSS driver
Fixed CVE-2025-32728 in net-misc/openssh.
Updated dev-go/net in policy manager to v0.39.0. This fixes CVE-2025-22870.
Runtime sysctl changes:
Fixed an issue in containerd that prevented some v2 shims from shutting down properly.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.87 | v27.5.1 | v2.0.4 | See List |
Upgraded app-admin/google-guest-agent to v20250408.00.
Updated cos-gpu-installer to v2.5.0: Support IMEX Driver installation for NVIDIA_GB200 GPU device.
Runtime sysctl changes:
Upgraded chromeos-base/shill-client to v0.0.1-r4850.
Fixed CVE-2024-48615 in app-arch/libarchive.
Fixed CVE-2024-53427 in app-misc/jq.
Updated the Linux kernel to v6.6.87.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r663.
Upgraded chromeos-base/debugd-client to v0.0.1-r2732.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2828.
Updated dev-vcs/git to version 2.49.0. This fixed CVE-2024-52006, CVE-2024-50349
Upgraded chromeos-base/power_manager-client to v0.0.1-r2967.
Reverted a change in the linux kernel which caused nfs directories to unexpectedly be mounted as ro instead of rw.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2479.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.86 | v27.5.1 | v2.0.4 | See List |
Upgraded chromeos-base/power_manager-client to v0.0.1-r2966.
Upgraded chromeos-base/minijail to v18-r164.
Fixed EINTR error in app-container/cni-plugins.
Upgraded chromeos-base/google-breakpad to v2025.04.01.213855-r235.
Upgraded app-admin/google-guest-configs to v20250328.00.
Upgraded dev-libs/expat to v2.7.1.
Upgraded sys-apps/dbus to v1.14.10-r196.
Updated the Linux kernel to v6.6.86.
Runtime sysctl changes:
Upgraded chromeos-base/session_manager-client to v0.0.1-r2827.
Upgraded chromeos-base/debugd-client to v0.0.1-r2731.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2478.
Upgraded net-misc/rsync to v3.4.1.
Upgraded app-arch/unzip to v6.0_p29.
Modified toolbox to use unified cgroup hierarchy mode, when possible, instead of hybrid mode.
Upgraded sys-apps/diffutils to v3.11-r2.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r662.
Upgraded net-nds/rpcbind to v1.2.7.
Upgraded dev-libs/nss to v3.110.
Upgraded chromeos-base/shill-client to v0.0.1-r4848.
Upgraded app-containers/docker-credential-helpers to v0.9.3.
Upgraded app-admin/google-guest-agent to v20250331.00.
Updated app-containers/containerd to v2.0.4.
Upgraded sys-libs/libseccomp to v2.6.0-r2.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.84 | v27.5.1 | v2.0.2 | See List |
Updated the Linux kernel to v6.6.84.
Runtime sysctl changes:
| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.83 | v27.5.1 | v2.0.2 | See List |
Updated app-admin/google-guest-configs to v20250207.00.
Upgraded sys-apps/dbus to v1.14.10-r195.
Upgraded app-admin/google-guest-agent to v20250304.03.
Upgraded chromeos-base/minijail to v18-r163.
Upgraded sys-apps/pv to v1.9.27.
Upgraded chromeos-base/debugd-client to v0.0.1-r2727.
Upgraded net-misc/wget to version 1.25.0. Fixes CVE-2024-10524.
Upgraded sys-libs/libseccomp to v2.6.0.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Upgraded net-misc/socat to v1.8.0.3.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2817.
Upgraded chromeos-base/shill-client to v0.0.1-r4838.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated dev-python/botocore to v1.37.9.
Upgraded dev-libs/nss to v3.109.
Updated Python to v3.11.
Upgraded sys-auth/pambase to v20250228.
Upgraded app-admin/fluent-bit to v3.2.5.
Updated app-admin/awscli to v1.38.4.
Added support for NVIDIA GB200 GPU with 570.124.06 GPU driver. This driver version has been assigned the latest, default, and R570 tags for this GPU type.
Upgraded app-admin/google-guest-agent to v20250122.00.
Updated dev-go/oauth2 to v0.27.0. Fixes CVE-2025-22868.
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Upgraded dev-db/sqlite to v3.49.1.
Upgraded chromeos-base/shill-client to v0.0.1-r4834.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Updated cos-gpu-installer to v2.4.7: 1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded dev-libs/libxml2 to version 1.12.10. Fixes CVE-2025-27113.
Upgraded app-admin/google-guest-agent to v20250204.02.
Fixed CVE-2025-0395 in sys-libs/glibc.
Runtime sysctl changes:
Upgraded dev-libs/nss to v3.108.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Upgraded chromeos-base/google-breakpad to v2024.02.16.014630-r227.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r659.
Upgrade cloud-init from 23.4.3 to 24.4.1.
Fixed an issue that resulted in missing grub boot measurements in some machine configurations.
Fixed a race condition that could cause a kernel panic.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2963.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2471.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2474.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r657.
Added support for the Lustre 2.14.0 client drivers.
Upgraded app-admin/google-guest-configs to v20250124.00.
Upgraded sys-apps/diffutils to v3.11-r1.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Upgraded sys-apps/dbus to v1.14.10-r194.
Upgraded chromeos-base/debugd-client to v0.0.1-r2728.
Upgraded sys-apps/diffutils to v3.11.
Upgraded app-admin/google-guest-configs to v20250221.00.
Upgraded chromeos-base/minijail to v18-r160.
Add support for iRDMA devices.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2821.
Upgraded sys-apps/pv to v1.9.31.
Upgraded app-admin/google-guest-agent to v20250225.00.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2961.
Fixed CVE-2025-0840 in binutils.
Upgraded app-containers/runc to v1.2.5, Upgraded app-containers/runc-test to v1.2.5.
Upgraded chromeos-base/debugd-client to v0.0.1-r2726.
Upgraded sys-apps/hwdata to v0.391.
Upgraded app-containers/docker-credential-helpers to v0.9.2.
Updated dev-python/python-dateutil to v2.9.0.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2820.
Added support for NVIDIA 570.124.06 GPU driver. Updated the LATEST GPU driver label to version 570.124.06 for all GPU devices. Updated the DEFAULT GPU driver label to version 570.124.06 for NVIDIA_B200 and NVIDIA_H200 GPU devices.
Upgraded dev-libs/double-conversion to v3.3.1.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgraded dev-db/sqlite to v3.47.2-r1.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2818.
Upgraded sys-apps/which to v2.23.
Upgraded sys-libs/libseccomp to v2.6.0-r1.
Upgraded chromeos-base/shill-client to v0.0.1-r4818.
Fixed CVE-2024-13176 in dev-libs/openssl.
Upgraded app-admin/node-problem-detector to v0.8.20.
Fixed CVE-2024-9287 in dev-lang/python.
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r658.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2962.
Upgraded chromeos-base/shill-client to v0.0.1-r4825.
Updated dev-python/s3transfer to v0.11.4.
Upgraded sys-apps/acl to v2.3.2-r2.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2470.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v27.5.1 | v2.0.2 | See List |
Upgraded net-misc/socat to v1.8.0.3.
Upgraded net-misc/openssh to version 9.9_p2. This fixed CVE-2025-26465 and CVE-2025-26466.
Upgraded dev-go/oauth2 to v0.27.0. This fixes CVE-2025-22868.
Fixed CVE-2024-50014 in the Linux kernel.
Added support for iRDMA devices.
Fixed CVE-2024-50017 in the Linux kernel.
Upgraded app-containers/docker to v27.5.1, Upgraded app-containers/docker-test to v27.5.1, Upgraded app-containers/docker-cli to v27.5.1.
Fixed KCTF-fcdd224 in the Linux kernel.
Fixed CVE-2025-21745 in the Linux kernel.
Upgraded dev-go/crypto to v0.35.0. This fixes CVE-2025-22869.
Fixed CVE-2024-50304 in the Linux kernel.
Fixed CVE-2025-21814 in the Linux kernel.
Upgraded dev-libs/libxml2 to version 1.12.10. This fixes CVE-2025-27113.
Fixed CVE-2025-21690 in the Linux kernel.
Disabled martian logging for ConnectX-7 network cards. These cards only communicate locally, but martian logging during communications with the host can lead to a race condition which causes GID table construction to sometimes fail.
Fixed KCTF-638ba50 in the Linux kernel.
Fixed CVE-2024-49994 in the Linux kernel.
Fixed CVE-2024-50146 in the Linux kernel.
Applied Intel patches to add iRDMA support in the Linux kernel.
Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.
Fixed KCTF-8802766 in the Linux kernel.
Upgraded net-misc/wget to version 1.25.0. This fixes CVE-2024-10524.
Runtime sysctl changes:
Fixed CVE-2024-56549 in the Linux kernel.
Upgrade sys-libs/binutils-libs to 2.44-r1. This fixes CVE-2024-53589.
Fixed CVE-2024-58017 in the Linux kernel.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v25.0.7 | v2.0.2 | See List |
Upgraded sys-apps/diffutils to v3.11.
Upgraded app-admin/fluent-bit to v3.2.5.
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Fixed CVE-2024-9287 in dev-lang/python.
Updated app-admin/google-guest-configs to v20250207.00.
Updated Konlet to v0.13.4.
Updated cos-gpu-installer to v2.4.7: 1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded cloud-init from 23.4.3 to 24.4.1.
Fixed CVE-2025-0840 in binutils.
Upgraded sys-apps/pv to v1.9.27.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Runtime sysctl changes:
Fixed CVE-2024-13176 in dev-libs/openssl.
Fixed CVE-2025-0395 in sys-libs/glibc.
Upgraded sys-apps/hwdata to v0.391.
Upgraded app-admin/google-guest-agent to v20250204.02.
]]>| Kernel | Docker | Containerd | GPU Drivers |
| COS-6.6.74 | v25.0.7 | v2.0.2 | See List |
Fixed KCTF-bc50835 in the Linux kernel.
Enabled ECC kernel modules required for confidential GPU functionality.
Enabled Grace platform support: Enabled ATS/PASID(PCI) for ARM64 kernel.
Updated the Linux kernel to v6.6.74.
Enabled Grace platform support: Enabled SMMU (v3) for ARM64 kernel.
Runtime sysctl changes:
Enabled Grace platform support: Enabled memory_hotplug and device_private in the ARM64 kernel.
Enabled Grace platform support: Enabled DMA-BUF shared memory support for the ARM64 kernel.
Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.
Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.
]]>