Container-Optimized OS Release Notes: Milestone 117
Stay organized with collections
Save and categorize content based on your preferences.
You can see the latest product updates for all of Google Cloud on the
Google Cloud page, browse and filter all release notes in the
Google Cloud console,
or programmatically access release notes in
BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly.
February 10, 2025
Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.
Updated Konlet to v0.13.4.
Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.
Updated cos-gpu-installer to v2.4.7:
1.Added Support for NVIDIA B200 GPU. 2.Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64
Upgraded app-admin/fluent-bit to v3.1.10.
Upgraded sys-apps/hwdata to v0.391.
Fixed CVE-2025-0840 in binutils.
Fixed CVE-2025-21673 in the Linux kernel.
Fixed CVE-2025-21669 in the Linux kernel.
Fixed CVE-2025-21683 in the Linux kernel.
Fixed CVE-2024-50304 in the Linux kernel.
Fixed CVE-2025-21671 in the Linux kernel.
Fixed CVE-2025-21670 in the Linux kernel.
Fixed CVE-2024-50014 in the Linux kernel.
Fixed CVE-2024-49994 in the Linux kernel.
Fixed CVE-2025-21666 in the Linux kernel.
Fixed CVE-2025-21665 in the Linux kernel.
Fixed CVE-2025-21667 in the Linux kernel.
February 03, 2025
Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.
Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.
Enabled Grace platform support: Enabled DMA-BUF shared
memory support for the ARM64 kernel.
Enabled Grace platform support: Enabled ATS/PASID(PCI) for
ARM64 kernel.
Enabled Grace platform support: Enabled SMMU (v3) for ARM64
kernel.
Enabled Grace platform support: Enabled memory_hotplug and
device_private in the ARM64 kernel.
Enabled ECC kernel modules required for confidential GPU functionality.
Fixed KCTF-bc50835 in the Linux kernel.
Fixed CVE-2024-53170 in the Linux kernel.
Fixed CVE-2024-53124 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811776 -> 811757
January 27, 2025
Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.
Upgraded app-containers/docker-credential-gcr to v2.1.25.
Upgraded app-admin/google-osconfig-agent to v20240927.00.
Upgraded app-emulation/cloud-init to v23.4.4.
Upgraded sys-apps/file to v5.46-r2.
Upgraded dev-python/configobj to v5.0.9.
Upgraded dev-libs/nss to v3.105.
Upgraded dev-db/sqlite to v3.46.1.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded sys-apps/gentoo-functions to v1.7.2.
Upgraded net-libs/libtirpc to v1.3.5.
Update NVIDIA GPU drivers to v535.230.02 for default/R535
and v550.144.03 for R550 for all GPUs. This resolves
CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed CVE-2024-54683 in the Linux kernel.
Fixed CVE-2024-57841 in the Linux kernel.
Fixed CVE-2024-57890 in the Linux kernel.
Fixed CVE-2024-56369 in the Linux kernel.
Fixed CVE-2024-56617 in the Linux kernel.
Fixed CVE-2024-55916 in the Linux kernel.
Fixed CVE-2024-56615 in the Linux kernel.
Fixed CVE-2024-56779 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811796 -> 811776
January 17, 2025
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Fixed CVE-2024-53173 in the Linux kernel.
Fixed CVE-2024-56600 in the Linux kernel.
Fixed CVE-2024-56601 in the Linux kernel.
Fixed CVE-2024-53202 in the Linux kernel.
Fixed CVE-2024-53206 in the Linux kernel.
Fixed CVE-2024-56786 in the Linux kernel.
Fixed CVE-2024-56780 in the Linux kernel.
Fixed CVE-2024-56720 in the Linux kernel.
Fixed CVE-2024-56783 in the Linux kernel.
Fixed CVE-2024-56672 in the Linux kernel.
Fixed CVE-2024-56675 in the Linux kernel.
Fixed CVE-2024-53185 in the Linux kernel.
Fixed CVE-2024-56664 in the Linux kernel.
Fixed CVE-2024-56755 in the Linux kernel.
Fixed CVE-2024-56756 in the Linux kernel.
Fixed CVE-2024-56658 in the Linux kernel.
Fixed CVE-2024-53128 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811744 -> 811796
January 13, 2025
Upgraded nvidia-container-toolkit to v1.17.3.
Upgraded sys-apps/file to v5.46-r1.
Upgraded net-misc/socat to v1.8.0.2.
Fixed CVE-2024-56688 in the Linux kernel.
Fixed CVE-2024-56745 in the Linux kernel.
Fixed CVE-2024-53146 in the Linux kernel.
Fixed CVE-2024-56760 in the Linux kernel.
Fixed CVE-2024-53151 in the Linux kernel.
Fixed CVE-2024-56729 in the Linux kernel.
Fixed CVE-2024-56763 in the Linux kernel.
Fixed CVE-2024-56614 in the Linux kernel.
Fixed CVE-2024-56694 in the Linux kernel.
Fixed CVE-2024-56739 in the Linux kernel.
Fixed CVE-2024-56606 in the Linux kernel.
Fixed CVE-2024-53096 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811756 -> 811744
January 06, 2025
Fixed KCTF-5eb7de8 in the Linux kernel.
Fixed KCTF-f8d4bc4 in the Linux kernel.
Fixed CVE-2023-52920 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811782 -> 811756
January 02, 2025
Updated google.golang.org/grpc to v1.56.3 and upgrade
golang.org/x/net to v0.23.0 in docker and cri-tools. This fixes
CVE-2023-44487 and CVE-2023-45288.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Update dev-go/net in policy manager to v0.33.0. This fixes CVE-2024-45338.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Fixed CVE-2024-53097 in the Linux kernel.
Fixed CVE-2024-53100 in the Linux kernel.
Fixed CVE-2024-53091 in the Linux kernel.
Fixed CVE-2024-53099 in the Linux kernel.
Fixed CVE-2024-53093 in the Linux kernel.
Fixed CVE-2024-49926 in the Linux kernel.
Fixed CVE-2024-50256 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-53140 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-53135 in the Linux kernel.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-49934 in the Linux kernel.
Fixed CVE-2024-53141 in the Linux kernel.
Fixed CVE-2024-53142 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811809 -> 811782
December 16, 2024
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded sys-apps/file to v5.46.
Upgraded sys-apps/hwdata to v0.390.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This
should improve performance for some workloads.
Fixed CVE-2024-50186 in the Linux kernel.
December 09, 2024
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Fixed CVE-2024-50278 in the Linux kernel.
Fixed CVE-2024-50140 in the Linux kernel.
Fixed CVE-2024-50140 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811804 -> 811763
December 04, 2024
Updated app-admin/google-guest-configs to 20241121.00. This
enables intent based NIC naming scheme.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded sys-process/lsof to v4.99.4.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded sys-apps/less to v668.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50182 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50194 in the Linux kernel.
Fixed CVE-2024-50275 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-50169 in the Linux kernel.
Fixed CVE-2024-50063 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-50258 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50249 in the Linux kernel.
Fixed CVE-2024-50226 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50223 in the Linux kernel.
Fixed CVE-2024-50222 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50215 in the Linux kernel.
Fixed CVE-2024-50152 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811800 -> 811804
November 18, 2024
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-50066 in the Linux kernel.
Fixed CVE-2024-50010 in the Linux kernel.
Fixed CVE-2024-50110 in the Linux kernel.
Fixed CVE-2024-50120 in the Linux kernel.
Fixed CVE-2024-50121 in the Linux kernel.
Fixed CVE-2024-50115 in the Linux kernel.
Fixed CVE-2024-50130 in the Linux kernel.
Fixed CVE-2024-50131 in the Linux kernel.
November 11, 2024
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675
Fixed CVE-2024-50602 in dev-libs/expat.
Fixed CVE-2024-50067 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed KCTF-2e95c43 in the Linux kernel.
Fixed CVE-2024-50076 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50038 in the Linux kernel.
Fixed CVE-2024-50082 in the Linux kernel.
Fixed CVE-2024-50024 in the Linux kernel.
Fixed KCTF-8ea6073 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811757 -> 811721
November 06, 2024
Upgraded sys-apps/xemu to v0.0.6
Runtime sysctl changes:
- Changed: fs.file-max: 811796 -> 811757
October 31, 2024
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Update R550, latest driver to v550.90.12.
Update NVIDIA GPU drivers to v535.216.01 for default/R535
and v550.127.05 for R550 for all GPUs. This resolves
CVE-2024-0126.
Fixed CVE-2024-50039 in the Linux kernel.
Fixed CVE-2024-50023 in the Linux kernel.
Fixed CVE-2024-50019 in the Linux kernel.
Fixed CVE-2024-50045 in the Linux kernel.
Fixed CVE-2024-50000 in the Linux kernel.
Fixed CVE-2024-49975 in the Linux kernel.
Fixed CVE-2024-50015 in the Linux kernel.
Fixed CVE-2024-49889 in the Linux kernel.
Fixed CVE-2024-49936 in the Linux kernel.
Fixed CVE-2024-47696 in the Linux kernel.
Fixed CVE-2024-47728 in the Linux kernel.
Fixed CVE-2024-47679 in the Linux kernel.
Fixed CVE-2024-49851 in the Linux kernel.
Fixed CVE-2024-50035 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47701 in the Linux kernel.
Fixed CVE-2024-47706 in the Linux kernel.
Fixed CVE-2024-47737 in the Linux kernel.
Fixed CVE-2024-50064 in the Linux kernel.
Fixed CVE-2024-49858 in the Linux kernel.
Fixed CVE-2024-50033 in the Linux kernel.
Fixed CVE-2024-47688 in the Linux kernel.
Fixed CVE-2024-47675 in the Linux kernel.
Fixed CVE-2024-47745 in the Linux kernel.
Fixed CVE-2024-47700 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-47660 in the Linux kernel.
Fixed CVE-2024-50047 in the Linux kernel.
Fixed CVE-2024-47678 in the Linux kernel.
Fixed CVE-2024-49860 in the Linux kernel.
Fixed CVE-2024-47742 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Fixed CVE-2024-47739 in the Linux kernel.
Fixed CVE-2024-47668 in the Linux kernel.
Fixed CVE-2024-47682 in the Linux kernel.
Fixed CVE-2024-47692 in the Linux kernel.
Fixed CVE-2024-47727 in the Linux kernel.
Fixed CVE-2024-47693 in the Linux kernel.
Fixed CVE-2024-47734 in the Linux kernel.
Fixed CVE-2024-47744 in the Linux kernel.
Fixed CVE-2024-47743 in the Linux kernel.
Fixed CVE-2024-47684 in the Linux kernel.
Fixed CVE-2024-50058 in the Linux kernel.
Fixed CVE-2024-49850 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811706 -> 811796
October 28, 2024
Fixed CVE-2024-47685 in the Linux kernel.
Fixed CVE-2024-44991 in the Linux kernel.
Fixed CVE-2024-47674 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811768 -> 811706
October 21, 2024
Updated app-containers/containerd to 1.7.23.
Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.
Fixed CVE-2024-44959 in the Linux kernel.
Fixed CVE-2024-46838 in the Linux kernel.
Fixed KCTF-32556ce in the Linux kernel.
Fixed CVE-2024-45003 in the Linux kernel.
Fixed CVE-2024-44958 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811790 -> 811768
October 14, 2024
Fixed CVE-2024-44965 in the Linux kernel.
Fixed CVE-2024-46848 in the Linux kernel.
Fixed CVE-2024-44970 in the Linux kernel.
Fixed CVE-2024-46864 in the Linux kernel.
Fixed CVE-2024-46829 in the Linux kernel.
Fixed CVE-2024-46847 in the Linux kernel.
Fixed CVE-2024-46855 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811772 -> 811790
October 07, 2024
Update R535, default driver to v535.183.06.
Disabled MGLRU by default due to integration issues with
Kubernetes.
Fixed CVE-2024-46744 in the Linux kernel.
Fixed CVE-2024-46750 in the Linux kernel.
Fixed CVE-2024-46786 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811758 -> 811772
Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.
October 02, 2024
September 30, 2024
Fixed A3 Edge VM names in google guest agent configs and
upgrade to v20240725.
Fixed CVE-2024-46763 in the Linux kernel.
Fixed CVE-2024-46679 in the Linux kernel.
Fixed CVE-2024-46762 in the Linux kernel.
Fixed CVE-2024-46721 in the Linux kernel
Fixed CVE-2024-46737 in the Linux kernel
Fixed CVE-2024-46800 in the Linux kernel
Fixed CVE-2024-46796 in the Linux kernel
Fixed CVE-2024-46743 in the Linux kernel
Fixed CVE-2024-46738 in the Linux kernel
September 23, 2024
Upgraded app-admin/fluent-bit to v3.1.8.
Updated cos-gpu-installer to v2.4.2. This enables creation
of /dev/dri when loading nvidia-drm.ko for COS kernels build with
loadable drm and dependent modules.
Updated net-misc/curl to 8.10.0.
Fixed CVE-2024-44996 in the Linux kernel
Fixed CVE-2024-44947 in the Linux kernel
Fixed CVE-2024-45025 in the Linux kernel
Fixed CVE-2024-44983 in the Linux kernel
Fixed CVE-2024-44940 in the Linux kernel
Fixed CVE-2024-45022 in the Linux kernel
Fixed CVE-2024-45020 in the Linux kernel
Fixed CVE-2024-45018 in the Linux kernel
Fixed CVE-2024-45021 in the Linux kernel
Fixed CVE-2024-46686 in the Linux kernel
Runtime sysctl changes:
- Changed: fs.file-max: 811711 -> 811780
September 16, 2024
Updated app-containers/containerd to v1.7.22.
Fixed CVE-2023-27043 in dev-lang/python.
Fixed CVE-2024-7592 in dev-lang/python.
Fixed CVE-2024-6232 in dev-lang/python.
Fixed CVE-2024-6119 in net-libs/openssl.
Updated dev-lang/python to v3.8.19_p1. This fixes
CVE-2007-4559.
Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.
Fixed CVE-2023-7256 in net-libs/libpcap.
Fixed CVE-2024-43893 in the Linux kernel
Fixed CVE-2024-44943 in the Linux kernel
Fixed CVE-2024-43891 in the Linux kernel
Fixed CVE-2024-43892 in the Linux kernel
Fixed CVE-2024-43914 in the Linux kernel
Fixed CVE-2024-44952 in the Linux kernel
Fixed CVE-2024-44957 in the Linux kernel
Fixed CVE-2024-44989 in the Linux kernel
Fixed CVE-2024-44990 in the Linux kernel
Fixed CVE-2024-45000 in the Linux kernel
Fixed CVE-2024-43882 in the Linux kernel
Fixed CVE-2024-44985 in the Linux kernel
Fixed CVE-2024-44987 in the Linux kernel
Fixed CVE-2024-44986 in the Linux kernel
Runtime sysctl changes:
- Changed: fs.file-max: 811784 -> 811711
September 09, 2024
Fixes CVE-2024-43889 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811778 -> 811784
September 03, 2024
Updated app-containers/containerd to 1.7.21.
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-44934 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42268 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811697 -> 811778
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
August 26, 2024
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded sys-apps/pv to v1.8.12.
Updated google-osconfig-agent to v20240822.00.
August 20, 2024
Updates to Major Packages:
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-admin/google-guest-configs to v20240607.00.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Upgraded app-admin/google-guest-agent to v20240716.00.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Upgraded go to version 1.22.3.
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Upgraded localtoast to v1.1.7 and opted out of
logging-service-running benchmark by default for cis-level2.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Updated app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded app-emulation/cloud-init to v23.4.3.
Updated sys-apps/systemd to v254.9.
Updated app-emulation/kubernetes to v1.30.3.
Updated docker-credential-gcr to v2.1.22.
Updated app-containers/runc to v1.1.12.
Updated net-misc/openssh to v9.6_p1-r1.
Updated toolbox to v20230714.
Upgraded app-admin/fluent-bit to v3.1.3.
New Features and Changes in the Linux Kernel:
Runtime sysctl changes:
- Added: dev.tty.legacy_tiocsti: 1
- Added: kernel.io_uring_group: -1
- Added: kernel.kexec_load_limit_panic: -1
- Added: kernel.kexec_load_limit_reboot: -1
- Added: kernel.loadpin.enforce: 1
- Added: net.core.mem_pcpu_rsv: 256
- Added: net.core.rps_default_mask: 00
- Added: net.ipv4.tcp_plb_cong_thresh: 128
- Added: net.ipv4.tcp_plb_enabled: 0
- Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
- Added: net.ipv4.tcp_plb_rehash_rounds: 12
- Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
- Added: net.ipv4.tcp_rto_min_us: 200000
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv4.tcp_syn_linear_timeouts: 4
- Added: net.ipv4.udp_child_hash_entries: 0
- Added: net.ipv4.udp_hash_entries: 4096
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: net.ipv6.icmp.error_anycast_as_unicast: 0
- Added: vm.memfd_noexec: 0
- Added: kernel.io_uring_disabled: 0
- Added: fs.overflowgid: 65534
- Changed: net.core.optmem_max: 131072 -> 20480
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811776 -> 811724
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
Added support for iSCSI targets and RAM block devices.
Added support for dm-zero and dm-clone.
Enabled support for MGLRU in the Linux kernel.
Enabled vrf, ip_gre, and ip6_gre modules.
Updated the Linux kernel to v6.6.44.
New Features and Changes in the Image:
Disable NVIDIA persistence mode with -no-verify flag
Added support for TPU v6 devices.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in
net-misc/openssh.
Disabled default automatic updates. Automatic updates must
now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Mount efivarfs fs by default on EFI-enabled systems.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Removed support for NVIDIA 470 drivers.
Fixed bug that cause constant restarts in fluent-bit
stackdriver plugin.
Installed the google_optimize_local_ssd script.
Updated NVIDIA GPU drivers to v550.54.15.
Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08.
Fixed a potential corruption when launching kernels on H100 GPUs.
Added NVIDIA GPU drivers R550 branch and updated latest to
550.54.14.
Fixed a bug in google-guest-agent service enablement.
Fixed integrity-fs dm-crypt creation flakiness.
Added automatic generation of known modules list to image
build process.
Included nvidia plugin into sosreport.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Changed default umask value for a user to 027.
Removed legacy logging agent (fluentd).
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added more service logs to the default Cloud Logging
configuration.
Allow GPU driver installation on dev-channel images without the -test flag.
CVE/Security Fixes:
Fixed CVE-2024-39894 in net-misc/openssh.
Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Updated R550, latest driver to v550.90.07. This fixes CVE‑2024‑0090, CVE‑2024‑0091 and CVE‑2024‑0092.
Updated R535, default driver to v535.183.01. This fixes CVE‑2024‑0090 and CVE‑2024‑0092.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in
kubelet.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Upgraded app-arch/libarchive to version 3.7.4. Fixes
CVE-2024-26256.
Fixed CVE-2024-34459 in the libxml2 package.
Updated dev-vcs/git to v2.45.1. This resolves
CVE-2024-32002,CVE-2024-32020,CVE-2024-32465,CVE-2024-32004,CVE-2024-32021.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.
Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Upgraded docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in
sys-boot/shim.
Fixed CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-40547 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.14. This resolves
CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Fixed CVE-2024-21626 in app-containers/runc.
Upgraded dev-go/crypto to v0.17.0. This fixes
CVE-2023-48795.
Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.
Updated app-editors/vim, app-editors/vim-core to v9.0.2092.
This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736,
CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781,
CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Update dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Fixed CVE-2024-39472 in the linux kernel.
Updates for Minor Packages:
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Upgraded chromeos-base/minijail to v18-r142.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded sys-apps/pv to v1.8.10.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded dev-python/pygobject to v3.46.0-r1.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded dev-libs/nss to v3.97.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.
Upgraded sys-apps/rootdev to v0.0.1-r50.
Upgraded dev-util/puffin to v1.0.0-r451.
Upgraded dev-libs/double-conversion to v3.3.0.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded sys-process/procps to v4.0.4-r1.
Upgraded sys-fs/e2fsprogs to v1.47.0-r3.
Upgraded sys-libs/libcap to v2.70.
Upgraded dev-python/jinja to v3.1.4.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-fs/xfsprogs to v6.8.0.
Upgraded sys-apps/less to v661.
Upgraded sys-apps/acl to v2.3.2-r1.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded net-libs/libtirpc to v1.3.4-r2.
Upgraded sys-apps/gentoo-functions to v1.6.
Upgraded net-misc/wget to v1.24.5.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-libs/timezone-data to v2024a-r1.
Upgraded sys-libs/libcap-ng to v0.8.5.
Removed crash-reporter KVM support.
Updated dev-go/pprof to v0.0.0_p20230811.
Updated dev-go/go-tools to v0.16.2_p20231218.
Updated dev-go/term to v0.15.0.
Updated dev-go/go-sys to v0.15.0.
Updated dev-go/sync to v0.5.0.
Updated dev-go/mod to v0.14.0.
Updated dev-go/demangle to v0.0.0_p20230524.
Updated dev-go/go-arch to v0.6.0.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded sys-apps/sandbox to v2.29-r1.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Upgraded app-arch/pigz to v2.8.
Upgraded sys-apps/coreutils to v9.3-r1.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Updated gzip to v1.13-r1.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded sys-libs/gdbm to v1.24.
Updated protobuf-legacy-api to v1.5.4.
