Change

cos-117-18613-534-62

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Change

cos-113-18244-582-62

Security

Fixed CVE-2025-38192 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

cos-121-18867-381-63

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Change

cos-beta-129-19506-0-121

Change

cos-dev-133-19681-0-0

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Change

Fixes a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-117

Change

Made it so that /dev/hugepages is mounted as noexec for cchost boards.

Change

Made it so that /mnt/disks is mounted as noexec for cchost boards.

Change

Made it so that /run is mounted as noexec for cchost boards.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-115

Change

cos-dev-133-19672-0-0

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-106

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-109

Change

cos-dev-133-19666-0-0

Change

Fixed CVE-2026-27135 in net-libs/nghttp2.

Change

Updated the Linux kernel to v6.12.77.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-125-19216-220-99

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-121-18867-381-56

Feature

Added support for loading the ublk kernel module.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-117-18613-534-53

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23351 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-113-18244-582-55

Fixed

Updated cos-gpu-installer to v2.6.1.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63503 -> 63215
• Changed: user.max_cgroup_namespaces: 31751 -> 31607
• Changed: user.max_ipc_namespaces: 31751 -> 31607
• Changed: user.max_mnt_namespaces: 31751 -> 31607
• Changed: user.max_net_namespaces: 31751 -> 31607
• Changed: user.max_pid_namespaces: 31751 -> 31607
• Changed: user.max_time_namespaces: 31751 -> 31607
• Changed: user.max_user_namespaces: 31751 -> 31607
• Changed: user.max_uts_namespaces: 31751 -> 31607

Change

cos-beta-129-19506-0-98

Change

Added support for the Lustre 2.14.0_p249 drivers.

Change

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Feature

Added support for loading the ublk kernel module.

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-48

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

cos-125-19216-220-87

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-dev-133-19654-0-0

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded dev-db/sqlite to v3.51.3.

Fixed

Upgraded dev-libs/expat to v2.7.5.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to v2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-125-19216-220-72

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-381-45

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2025-69648 in binutils-libs.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-dev-133-19633-0-0

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for 8th generation TPU devices.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.03.03.162944-r270.

Fixed

Upgraded dev-libs/expat to v2.7.4.

Fixed

Upgraded net-firewall/iptables to v1.8.13.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-44

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-113-18244-582-47

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2024-26822 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-beta-129-19506-0-66

Change

cos-dev-133-19619-0-0

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Breaking

/dev/hugepages is now mounted with the noexec option.

Breaking

/dev/hugepages is now mounted with the noexec option.

Change

Updated cos-gpu-installer to v2.6.0.

Breaking

/run is now mounted with the noexec option.

Change

Updated the Linux kernel to v6.12.76.

Change

Updated cos-gpu-installer to v2.6.0.

Change

Upgraded CASFS to v0.1.2.

Change

Upgraded CASFS to v0.1.2.

Feature

Switched to using systemd-resolved stub resolver by default, which fixes DNS caching issues.

Change

Upgraded app-containers/containerd to v2.2.2.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Change

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Upgraded dev-util/gn to v2331.

Fixed

Fixed performance and efficiency issues in TCPX through optimized netmem handling and scatter-gather list coalescing for large memory mappings.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/file to v5.47.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Fixed

Upgraded dev-utils/gdbus-codegen to v2.86.3.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Fixed

Upgraded app-admin/fluent-bit to v4.2.3.1.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Fixed CVE-2026-23240 in the Linux kernel.

Security

Fixed a packet header clobbering issue in the IDPF driver occurring when SWIOTLB and header split are enabled.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-121-18867-381-35

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Change

cos-117-18613-534-36

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38162 in the Linux kernel.

Change

cos-113-18244-582-42

Security

Fixed CVE-2026-23054 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-125-19216-220-57

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Fixed

Downgraded ek-cpu-balloon driver to version 1.1.0 to address efficiency daemon issues.

Change

cos-113-18244-582-40

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2023-53421 in the Linux kernel.

Security

Fixed CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 in dev-libs/glib.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38591 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Change

cos-117-18613-534-35

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3 and gdbus-codegen to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-30

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

cos-125-19216-220-43

Change

Updated cos-gpu-installer to v2.6.0.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-125-19216-220-39

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-220-38

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-113-18244-582-29

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded net-dns/c-ares to v1.31.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Security

Fixed CVE-2026-23145 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-125-19216-220-34

Change

Added support for the Lustre 2.14.0_p246 drivers.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-24

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-117-18613-534-24

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-121-18867-381-14

Change

Added support for the Lustre 2.14.0_p246 drivers.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-beta-129-19506-0-32

Change

cos-dev-133-19566-0-0

Change

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Change

Made it so that /run is mounted as noexec.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Change

Updated the Linux kernel to v6.12.74.

Security

Fixed CVE-2025-68358 in the Linux kernel.

Change

Upgraded containerd to v2.2.1.

Security

Fixed CVE-2025-68365 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Security

Fixed CVE-2025-68725 in the Linux kernel.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-agent to v20260121.00.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260128.00.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260129.00.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.6.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23177 in the Linux kernel.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2025-40147 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-125-19216-220-24

Change

Fixed CVE-2026-23177 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-47912, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61726, and CVE-2025-61728 in dev-lang/go.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-113-18244-582-11

Security

Fixed CVE-2023-54285 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23025 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Change

cos-117-18613-534-15

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23209 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-121-18867-381-1

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-beta-129-19506-0-17

Change

Added kernel support for bare-metal on the NVIDIA Grace platform.

Change

Added support for A4X-Max NICs.

Change

Applied ethtool ring length changes to a4x's first Diorite interface.

Change

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Change

Changed the mount options for /mnt/disks to noexec.

Change

Updated CONFIG_BLK_DEV_LOOP_MIN_COUNT to 0. This allows unlimited loop devices.

Change

Updated app-containers/containerd to v2.2.0.

Change

Updated app-containers/runc to v1.4.0.

Change

Updated dev-libs/openssl to v3.5.4.

Change

Updated the Linux kernel to v6.12.67.

Change

Upgraded dev-libs/json-c from 0.16-r1 to 0.18.0.

Change

Upgraded dev-libs/libuv from 1.43.0 to 1.51.0-r1.

Change

Upgraded dev-util/cmake from 3.26.4 to 3.31.9.

Feature

Added CPU balloon support for ARM CPUs.

Feature

Added ConnectX-8 RDMA support.

Feature

Added GB300 support to cos-extensions.

Feature

Added GDRCopy kernel module for NVIDIA drivers.

Feature

Added IPv6 support for machines using the IDPF driver.

Feature

Added TDX RTMR support.

Feature

Added guest support for paravirtualization of cpuids on ARM machines.

Feature

Added iRDMA support in the Linux kernel.

Feature

Added patches to handle IDPF tx timeouts.

Feature

Added support for CASFS (Content Addressable Storage File System) as a kernel module.

Feature

Added support for NVIDIA GB300 devices.

Feature

Added support for NVIDIA MFT Tools on arm64.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Feature

Added support for SCSI logging.

Feature

Added support for the Lustre 2.14.0_p224 drivers.

Feature

Added support for the fwctl subsystem and the Mellanox fwctl driver for ARM64.

Feature

Added support for zswap in the Linux kernel.

Feature

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Feature

Configured the cos-gpu-installer to use R580 drivers as the default GPU drivers.

Feature

Disabled DNSSEC by default for COS TPU VMs.

Feature

Enabled HTCP TCP congestion control algorithm as a module.

Feature

Enabled KVM for COS ARM64.

Feature

Enabled Software Watchdog as a module.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Feature

Enabled dynamic vlan configuration for non-primary NICs.

Feature

Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.

Feature

Enabled the Btrfs kernel module.

Feature

Enabled the google-guest-agent's network management functionality.

Feature

Fixed a bug in cos-extensions which would cause GB200 and GB300 devices not to be detected in one code path, which would result in Imex channels not being created by default.

Feature

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Feature

Removed the futility program from the root file system.

Fixed

Add support for NVIDIA MFT Tools v4.33.0.

Fixed

Added binary auth-provider-gcp.

Fixed

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Fixed

Added support for the Lustre 2.14.0_p216 drivers.

Fixed

Backported various TCPDirect networking fixes.

Fixed

Enabled multiport support for CX-8 devices.

Fixed

Fixed a TCPX bug which would sometimes incorrectly report devices as being missing when route cache entries were missing or invalidated.

Fixed

Fixed a bug where setting MTU above 9000 on ARM systems with a 64k page size would cause IDPF networking to fail.

Fixed

Fixed a kernel bug which caused boot to fail for n4 machine types.

Fixed

Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.

Fixed

Fixed an issue where cpusets cgroups did not work with cgroup v1 enabled.

Fixed

Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.

Fixed

Fixed bcache latency spikes.

Fixed

Installed app-misc/c_rehash.

Fixed

Made CX-8 NIC naming order deterministic.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Fixed

Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.

Fixed

Reduced gcr_wait_online retry gap.

Fixed

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Fixed

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Fixed

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Fixed

Updated app-admin/node-problem-detector to 0.8.21.

Fixed

Updated app-containers/cni-plugins to 1.7.1.

Fixed

Updated app-containers/cri-tools to 1.32.0.

Fixed

Updated cos-gpu-installer to v2.5.10.

Fixed

Updated dev-python/requests to v2.32.4.

Fixed

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Fixed

Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.

Fixed

Updated kubelet and kubectl to v1.35.0.

Fixed

Updated net-misc/chrony to v4.8.

Fixed

Updated sys-libs/readline to v8.3.

Fixed

Updated app-admin/google-osconfig-agent to v20250522.00.

Fixed

Updated the dump capture kernel to v6.12.52.

Fixed

Updated toolbox container image tag to v20251002.

Fixed

Upgraded app-admin/fluent-bit to v4.2.2.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded app-admin/oslogin to v20260116.00.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded app-admin/sudo to v1.9.17_p2.

Fixed

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r21.

Fixed

Upgraded app-containers/cni-plugins to v1.9.0.

Fixed

Upgraded app-containers/docker-credential-gcr to v2.1.31

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.5.

Fixed

Upgraded app-crypt/mit-krb5 from version 1.20.1 to version 1.22.1.

Fixed

Upgraded app-emulation/cloud-init to v25.1.4.

Fixed

Upgraded app-shells/bash to v5.3.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r668.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r671.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2737.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.01.16.201758-r268.

Fixed

Upgraded chromeos-base/minijail to v18-r168.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2972.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2833.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4879.

Fixed

Upgraded dev-db/sqlite to v3.50.3.

Fixed

Upgraded dev-db/sqlite to v3.50.4.

Fixed

Upgraded dev-db/sqlite to v3.51.1.

Fixed

Upgraded dev-lang/go to v1.23.11.

Fixed

Upgraded dev-lang/go to v1.23.12.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Fixed

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Fixed

Upgraded dev-libs/nss to 3.117 and dev-libs/nspr to 4.37.

Fixed

Upgraded dev-libs/openssl to 3.5.1.

Fixed

Upgraded dev-python/coverage to v7.10.7.

Fixed

Upgraded google-guest-configs to v20260121.00.

Fixed

Upgraded net-dns/c-ares to v1.34.6.

Fixed

Upgraded net-libs/gnutls to v3.8.11.

Fixed

Upgraded net-libs/libtirpc to v1.3.7-r2.

Fixed

Upgraded net-misc/curl from 8.12.1 to 8.17.0.

Fixed

Upgraded net-misc/openssh to 10.0_p1.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded net-misc/wget to v1.25.0-r1.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Fixed

Upgraded sys-apps/file to v5.46-r3.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-apps/hwdata to v0.400.

Fixed

Upgraded sys-apps/kmod to v34.2.

Fixed

Upgraded sys-apps/less to v692.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.8.

Fixed

Upgraded sys-apps/nvme-cli from version 1.6-r1 to version 2.16, added package sys-libs/libnvme.

Fixed

Upgraded sys-apps/pv to v1.10.1.

Fixed

Upgraded sys-apps/pv to v1.10.2.

Fixed

Upgraded sys-apps/pv to v1.10.3.

Fixed

Upgraded sys-apps/pv to v1.9.34.

Fixed

Upgraded sys-apps/pv to v1.9.42.

Fixed

Upgraded sys-apps/pv to v1.9.44.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/audit to 4.0.2-r1.

Fixed

Upgraded sys-process/lsof to v4.99.5.

Fixed

Upgraded sys-process/procps to v4.0.5-r3.

Fixed

Upgraded virtual/logger to v0-r2.

Fixed

upgraded net-fs/cifs-utils to v7.4.

Security

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Security

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Security

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

Security

Fixed CVE-2025-11412 in binutils-libs.

Security

Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.

Security

Fixed CVE-2025-11494 in binutils-libs.

Security

Fixed CVE-2025-11495 in binutils-libs.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Security

Fixed CVE-2025-40147 in the Linux kernel.

Security

Fixed CVE-2025-40212 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Fixed CVE-2025-6052 in dev-libs/glib.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-8058 in glibc.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Fixed KCTF-01d3c84 in the Linux kernel.

Security

Fixed KCTF-134121b in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Security

Fixed KCTF-60e6489 in the Linux Kernel.

Security

Fixed KCTF-6bb73db in the Linux Kernel.

Security

Fixed KCTF-abad3d0 in the Linux kernel.

Security

Fixed KCTF-b441cf3 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

Security

Updated dev-python/urllib3 to v2.5.0. This resolves CVE-2025-50181.

Security

Updated sys-apps/coreutils to v9.5. This resolves CVE-2024-0684.

Security

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Security

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Security

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Security

Upgraded open-vm-tools to 13.0.5. This fixes CVE-2025-41244 in anthos variant.

Security

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.

Security

Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-117-18613-534-2

Announcement

This is an LTS Refresh release.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded sys-libs/libcap to v2.77.

Security

Fixed CVE-2025-22121 in the Linux kernel.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23025 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23054 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

Change

cos-121-18867-294-134

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2024-57994 in the Linux kernel.

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

Change

cos-125-19216-220-9

Announcement

This is an LTS Refresh release.

Feature

Added CPU balloon support for Arm CPUs.

Feature

Added guest support for paravirtualization of cpuids on Arm machines.

Fixed

Upgraded app-containers/docker-registry-test to v2.8.3.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Fixed

Upgraded google-guest-configs to v20260121.00.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4608 -> 4096

Change

cos-125-19216-104-149

Fixed

Fixed TCPX performance issues.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Feature

Enabled TC Traffic Police as a module.

Security

Fixed CVE-2025-71183 in the Linux kernel.

Security

Fixed CVE-2026-23023 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Announcement

This is an LTS Refresh release.

Change

cos-113-18244-582-2

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded sys-libs/libcap to v2.77.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Change

cos-121-18867-294-116

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2024-57982 in the Linux kernel.

Change

cos-dev-129-19506-0-0

Change

Made it so that /mnt/disks is mounted as noexec.

Change

Updated CONFIG_BLK_DEV_LOOP_MIN_COUNT to 0. This allows unlimited loop devices.

Change

Updated app-containers/containerd to v2.2.0.

Change

Updated app-containers/runc to v1.4.0.

Change

Updated dev-libs/openssl to v3.5.4.

Change

Updated the Linux kernel to v6.12.67.

Change

Upgrade dev-libs/json-c from 0.16-r1 to 0.18.0.

Change

Upgrade dev-libs/libuv from 1.43.0 to 1.51.0-r1.

Change

Upgrade dev-util/cmake from 3.26.4 to 3.31.9.

Feature

Added support for CASFS (Content Addressable Storage File System) as a kernel module.

Feature

Removed the futility program from the root file system.

Fixed

Added binary auth-provider-gcp.

Fixed

Updated cos-gpu-installer to v2.5.10.

Fixed

Updated kubelet and kubectl to v1.35.0.

Fixed

Updated sys-libs/readline to v8.3.

Fixed

Upgraded app-admin/fluent-bit to v4.2.2.

Fixed

Upgraded app-admin/google-guest-configs to v20260112.00.

Fixed

Upgraded app-admin/oslogin to v20260116.00.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r21.

Fixed

Upgraded app-containers/cni-plugins to v1.9.0.

Fixed

Upgraded app-containers/docker-credential-gcr to v2.1.31

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.5.

Fixed

Upgraded app-crypt/mit-krb5 from version 1.20.1 to version 1.22.1.

Fixed

Upgraded app-shells/bash to v5.3.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r671.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2737.

Fixed

Upgraded chromeos-base/google-breakpad to v2025.12.22.204548-r263.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.01.12.054131-r266.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.01.16.201758-r268.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2972.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2833.

Fixed

Upgraded dev-db/sqlite to v3.51.1.

Fixed

Upgraded google-guest-configs to v20260121.00.

Fixed

Upgraded net-dns/c-ares to v1.34.6.

Fixed

Upgraded net-libs/gnutls to v3.8.11.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Fixed

Upgraded sys-apps/kmod to v34.2.

Fixed

Upgraded sys-apps/less to v691.

Fixed

Upgraded sys-apps/nvme-cli from version 1.6-r1 to version 2.16, added package sys-libs/libnvme.

Fixed

Upgraded sys-apps/pv to v1.10.3.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-104-133

Security

Fixed CVE-2025-38591 in the Linux kernel.

Security

Fixed CVE-2025-40149 in the Linux kernel.

Security

Fixed CVE-2025-71148 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed CVE-2025-71156 in the Linux kernel.

Security

Fixed CVE-2025-71157 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22989 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed CVE-2026-22996 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23000 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23002 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Change

cos-121-18867-294-112

Feature

Enabled TC Traffic Police as a module.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-71148 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Change

cos-117-18613-439-120

Security

Fixed CVE-2025-71148 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2025-71151 in the Linux kernel.

Security

Fixed CVE-2025-71160 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.tainted: 4096 -> 4608

Change

cos-113-18244-521-98

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2025-71149 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-22976 in the Linux kernel.

Security

Fixed CVE-2026-22977 in the Linux kernel.

Security

Fixed CVE-2026-22979 in the Linux kernel.

Security

Fixed CVE-2026-22980 in the Linux kernel.

Security

Fixed CVE-2026-22988 in the Linux kernel.

Security

Fixed CVE-2026-22994 in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Change

cos-117-18613-439-108

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2024-49968 in the Linux kernel.

Security

Fixed CVE-2024-57982 in the Linux kernel.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68803 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

Change

cos-121-18867-294-100

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

Change

cos-113-18244-521-88

Fixed

Installed app-misc/c_rehash, which was unintentionally removed after the dev-libs/openssl update.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.0.19. This resolves CVE-2025-15467.

Change

cos-125-19216-104-126

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded sys-apps/less to v691.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Change

cos-125-19216-104-117

Fixed

Fixed a performance issue in TCPX.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-71141 in the Linux kernel.

Change

cos-125-19216-104-113

Security

Applied urllib3 patch for CVE-2024-37891.

Change

Applied ethtool ring length changes to a4x's first Diorite interface.

Fixed

Updated dev-libs/openssl to v3.5.4.

Feature

Enabled guest support for NVIDIA virtual command queues (CMDQV).

Fixed

Updated cos-gpu-installer to v2.5.10.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2025-40325 in the Linux kernel.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68259 in the Linux kernel.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68348 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68366 in the Linux kernel.

Security

Fixed CVE-2025-68369 in the Linux kernel.

Security

Fixed CVE-2025-68372 in the Linux kernel.

Security

Fixed CVE-2025-68374 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68727 in the Linux kernel.

Security

Fixed CVE-2025-68728 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68742 in the Linux kernel.

Security

Fixed CVE-2025-68744 in the Linux kernel.

Security

Fixed CVE-2025-68775 in the Linux kernel.

Security

Fixed CVE-2025-68778 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68794 in the Linux kernel.

Security

Fixed CVE-2025-68795 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68800 in the Linux kernel.

Security

Fixed CVE-2025-68801 in the Linux kernel.

Security

Fixed CVE-2025-68803 in the Linux kernel.

Security

Fixed CVE-2025-68810 in the Linux kernel.

Security

Fixed CVE-2025-68811 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68816 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71067 in the Linux kernel.

Security

Fixed CVE-2025-71068 in the Linux kernel.

Security

Fixed CVE-2025-71072 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71080 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Security

Fixed CVE-2025-71102 in the Linux kernel.

Security

Fixed CVE-2025-71104 in the Linux kernel.

Security

Fixed CVE-2025-71113 in the Linux kernel.

Security

Fixed CVE-2025-71118 in the Linux kernel.

Security

Fixed CVE-2025-71120 in the Linux kernel.

Security

Fixed CVE-2025-71123 in the Linux kernel.

Security

Fixed CVE-2025-71125 in the Linux kernel.

Security

Fixed CVE-2025-71131 in the Linux kernel.

Security

Fixed CVE-2025-71134 in the Linux kernel.

Security

Fixed CVE-2025-71135 in the Linux kernel.

Change

cos-113-18244-521-74

Fixed

Updated dev-libs/openssl to v3.0.18

Security

Applied urllib3 patch for CVE-2024-37891.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-22111 in the Linux kernel.

Security

Fixed CVE-2025-38022 in the Linux kernel.

Security

Fixed CVE-2025-38129 in the Linux kernel.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Fixed CVE-2025-68261 in the Linux kernel.

Security

Fixed CVE-2025-68264 in the Linux kernel.

Security

Fixed CVE-2025-68337 in the Linux kernel.

Security

Fixed CVE-2025-68349 in the Linux kernel.

Security

Fixed CVE-2025-68363 in the Linux kernel.

Security

Fixed CVE-2025-68724 in the Linux kernel.

Security

Fixed CVE-2025-68740 in the Linux kernel.

Security

Fixed CVE-2025-68780 in the Linux kernel.

Security

Fixed CVE-2025-68782 in the Linux kernel.

Security

Fixed CVE-2025-68788 in the Linux kernel.

Security

Fixed CVE-2025-68798 in the Linux kernel.

Security

Fixed CVE-2025-68803 in the Linux kernel.

Security

Fixed CVE-2025-68813 in the Linux kernel.

Security

Fixed CVE-2025-68814 in the Linux kernel.

Security

Fixed CVE-2025-68820 in the Linux kernel.

Security

Fixed CVE-2025-68821 in the Linux kernel.

Security

Fixed CVE-2025-71077 in the Linux kernel.

Security

Fixed CVE-2025-71084 in the Linux kernel.

Security

Fixed CVE-2025-71096 in the Linux kernel.

Security

Fixed CVE-2025-71097 in the Linux kernel.

Security

Fixed CVE-2025-71098 in the Linux kernel.

Change

cos-117-18613-439-92

Security

Applied urllib3 patch for CVE-2024-37891.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Change

cos-121-18867-294-88

Change

Updated dev-libs/openssl to v3.0.18.

Security

Applied urllib3 patch for CVE-2024-37891.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Change

cos-125-19216-104-95

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-68329 in the Linux kernel.

Security

Fixed CVE-2025-68756 in the Linux kernel.

Security

Fixed CVE-2025-68758 in the Linux kernel.

Security

Fixed CVE-2025-68763 in the Linux kernel.

Security

Fixed CVE-2025-68764 in the Linux kernel.

Security

Fixed CVE-2025-68766 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-294-78

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Security

Fixed CVE-2025-40350 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.tcp_mem: 94044 125392 188088 -> 94041 125391 188082
• Changed: net.ipv4.udp_mem: 188088 250784 376176 -> 188085 250783 376170

Change

cos-117-18613-439-82

Fixed

Added bcache clock cache replacement policy.

Change

cos-125-19216-104-89

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40348 in the Linux kernel.

Security

Fixed CVE-2025-40353 in the Linux kernel.

Security

Fixed CVE-2025-40359 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68186 in the Linux kernel.

Security

Fixed CVE-2025-68188 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68199 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68213 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68242 in the Linux kernel.

Security

Fixed CVE-2025-68292 in the Linux kernel.

Security

Fixed CVE-2025-68293 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68313 in the Linux kernel.

Security

Fixed CVE-2025-68317 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Security

Fixed CVE-2025-68324 in the Linux kernel.

Security

Fixed CVE-2025-68325 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811475 -> 811504
• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-121-18867-294-76

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811762 -> 811813
• Changed: net.ipv4.tcp_mem: 94041 125391 188082 -> 94044 125392 188088
• Changed: net.ipv4.udp_mem: 188085 250783 376170 -> 188088 250784 376176

Change

cos-117-18613-439-81

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40360 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68178 in the Linux kernel.

Security

Fixed CVE-2025-68183 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68198 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68208 in the Linux kernel.

Security

Fixed CVE-2025-68214 in the Linux kernel.

Security

Fixed CVE-2025-68219 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811737 -> 811699

Change

cos-113-18244-521-65

Change

Updated app-admin/sosreport to v4.10.1. Enabled containerd stack dump by default.

Fixed

Upgraded net-misc/socat to v1.8.1.0.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Security

Fixed CVE-2025-40346 in the Linux kernel.

Security

Fixed CVE-2025-40361 in the Linux kernel.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-68171 in the Linux kernel.

Security

Fixed CVE-2025-68173 in the Linux kernel.

Security

Fixed CVE-2025-68185 in the Linux kernel.

Security

Fixed CVE-2025-68191 in the Linux kernel.

Security

Fixed CVE-2025-68200 in the Linux kernel.

Security

Fixed CVE-2025-68224 in the Linux kernel.

Security

Fixed CVE-2025-68229 in the Linux kernel.

Security

Fixed CVE-2025-68231 in the Linux kernel.

Security

Fixed CVE-2025-68241 in the Linux kernel.

Security

Fixed CVE-2025-68295 in the Linux kernel.

Security

Fixed CVE-2025-68321 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 812054 -> 812031

Change

cos-dev-129-19437-0-0

Change

Applied ethtool ring length changes to a4x's first Diorite interface.

Feature

Added guest support for paravirtualization of cpuids on ARM machines.

Fixed

Upgraded net-misc/curl from 8.12.1 to 8.17.0.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Updated containerd and containerd-test to v2.1.5. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811412 -> 811430

Change

cos-125-19216-104-74

Fixed

Backported upstream commit to reduce bcache gc latency.

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811448 -> 811475

Change

cos-121-18867-294-68

Fixed

Backported upstream commit to reduce bcache gc latency.

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811817 -> 811762

Change

cos-117-18613-439-72

Fixed

Backported upstream commit to reduce bcache gc latency.

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811769 -> 811737

Change

cos-113-18244-521-56

Security

Fixed KCTF-f05a4f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 812044 -> 812054

Change

cos-113-18244-521-55

Feature

Added support for NVIDIA drivers v580.95.05 and v580.105.08.

Fixed

Fixed CVE-2025-40271 in the Linux kernel.

Fixed

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2024-25621 and CVE-2025-64329 in app-containers/containerd.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40083 in the Linux kernel.

Security

Fixed CVE-2025-40220 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 812052 -> 812044

Change

cos-125-19216-104-72

Security

Fixed CVE-2025-40231 in the Linux kernel.

Security

Fixed CVE-2025-40238 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40303 in the Linux kernel.

Security

Fixed CVE-2025-40305 in the Linux kernel.

Security

Fixed CVE-2025-40313 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Updated app-containers/containerd and app-containers/containerd-test to v2.1.5. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811449 -> 811448

Change

cos-121-18867-294-66

Security

Fixed CVE-2025-40220 in the Linux kernel.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Updated app-containers/containerd and app-containers/containerd-test to v2.0.7. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811799 -> 811817

Change

cos-117-18613-439-70

Security

Fixed CVE-2025-40328 in the Linux kernel.

Security

Fixed CVE-2025-40341 in the Linux kernel.

Security

Updated app-containers/containerd and app-containers/containerd-test to v1.7.29. This resolves CVE-2024-25621 and CVE-2025-64329.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811701 -> 811769

Change

cos-117-18613-439-65

Feature

Added patches to handle IDPF tx timeouts.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-21868 in the Linux kernel.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40104 in the Linux kernel.

Security

Fixed CVE-2025-40220 in the Linux kernel.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40292 in the Linux kernel.

Security

Fixed CVE-2025-40293 in the Linux kernel.

Security

Fixed CVE-2025-40297 in the Linux kernel.

Security

Fixed CVE-2025-40319 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-40324 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811701

Change

cos-121-18867-294-60

Feature

Applied critical tx timeout patch series to fix idpf bug.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-21868 in the Linux kernel.

Security

Fixed CVE-2025-22103 in the Linux kernel.

Security

Fixed CVE-2025-38057 in the Linux kernel.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40248 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Security

Fixed CVE-2025-40320 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811755 -> 811799

Change

cos-125-19216-104-61

Feature

Added patches to handle IDPF tx timeouts.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-38678 in the Linux kernel.

Security

Fixed CVE-2025-40209 in the Linux kernel.

Security

Fixed CVE-2025-40230 in the Linux kernel.

Security

Fixed CVE-2025-40235 in the Linux kernel.

Security

Fixed CVE-2025-40250 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-40266 in the Linux kernel.

Security

Fixed CVE-2025-40268 in the Linux kernel.

Security

Fixed CVE-2025-40271 in the Linux kernel.

Security

Fixed CVE-2025-40272 in the Linux kernel.

Security

Fixed CVE-2025-40273 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811530 -> 811449

Change

cos-dev-129-19424-0-0

Change

Updated the Linux kernel to v6.12.61.

Feature

Added patches to handle IDPF tx timeouts.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Fixed

Upgraded app-admin/fluent-bit to v4.2.0.

Fixed

upgraded net-fs/cifs-utils to v7.4.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811490 -> 811412

Change

cos-113-18244-521-45

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Security

Fixed CVE-2025-40231 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811999 -> 812052

Change

cos-113-18244-521-41

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Updated vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 812031 -> 811999

Change

cos-125-19216-104-45

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811428 -> 811530
• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-294-42

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811812 -> 811755

Change

cos-117-18613-439-49

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811751 -> 811788

Change

cos-dev-129-19407-0-0

Fixed

Made the google-guest-agent more resilient to network link flakes.

Security

Fixed CVE-2025-40212 in the Linux kernel.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: fs.file-max: 811538 -> 811490