Change

cos-121-18867-381-161

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-43503 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

Change

cos-117-18613-613-40

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

Change

cos-121-18867-381-148

Change

Added dev-libs/mpdecimal and dev-python/gentoo-common.

Change

Updated app-containers/runc from v1.2.8 to v1.2.9

Change

Updated dev-lang/python to v3.11.15.

Fixed

Added support for NVIDIA driver v580.159.04.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Security

Fixed EFI variable OOB read in grub config parsing.

Change

cos-125-19216-395-55

Change

Allow overriding IMA policy from oem partition.

Change

On cchost boards, autoload IMA policy on boot.

Change

Set static UUID for the stateful partition.

Fixed

Added support for NVIDIA driver v580.159.04.

Change

cos-117-18613-613-29

Change

Updated Python to v3.8.20.

Change

Updated app-containers/runc from v1.2.8 to v1.2.9

Fixed

Added support for NVIDIA driver v580.159.04.

Security

Fixed EFI variable OOB read in grub config parsing.

Change

cos-129-19506-224-7

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Fixed

Added support for NVIDIA driver v580.159.04.

Change

cos-129-19506-120-115

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Added support for the swiotlb=any kernel command line parameter.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded net-misc/openssh to v10.0_p2.

Fixed

Fixed a crash that occurs when using the configfile or source GRUB2 commands when Secure Boot is enabled.

Fixed

Fixed a race condition triggered by ext4 online resize that rarely causes machines to fail to boot.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-31419 in the Linux kernel.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43074 in the Linux kernel.

Security

Fixed CVE-2026-43088 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed EFI variable OOB read in grub config parsing.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-32289,CVE-2026-32282,CVE-2026-32288,CVE-2026-27142,CVE-2025-61728,CVE-2026-27139,CVE-2026-39817,CVE-2026-39819,CVE-2025-68119,CVE-2025-61732,CVE-2026-32280,CVE-2026-25679,CVE-2026-27144,CVE-2026-32283,CVE-2026-27140,CVE-2025-61731,CVE-2026-32281,CVE-2025-61726,CVE-2025-68121,CVE-2026-27143,CVE-2026-39826,CVE-2026-39823,CVE-2026-39825,CVE-2026-33814,CVE-2026-39820,CVE-2026-42499,CVE-2026-39836.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-125-19216-395-47

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Added support for the swiotlb=any kernel command line parameter.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Upgrade app-admin/fluent-bit to v3.2.10

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded net-misc/openssh to v10.0_p2.

Fixed

Fixed a crash that occurs when using the configfile or source GRUB2 commands when Secure Boot is enabled.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-31419 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43088 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-42499,CVE-2026-39820,CVE-2026-39826,CVE-2026-33814,CVE-2026-39836,CVE-2026-39823,CVE-2026-39825,CVE-2026-39817,CVE-2026-39819.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-121-18867-381-144

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Update sys-process/audit to v3.0.9.

Change

Upgrade app-admin/fluent-bit to v3.2.10

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43109 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-33814,CVE-2026-39823,CVE-2026-39826,CVE-2026-39817,CVE-2026-39819,CVE-2026-39820,CVE-2026-39836,CVE-2026-42499,CVE-2026-39825.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-117-18613-613-25

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded app-containers/containerd from v1.7.29 to v1.7.31.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43109 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-39817,CVE-2026-39825,CVE-2026-33814,CVE-2026-39819,CVE-2026-39826,CVE-2026-39823,CVE-2026-39820,CVE-2026-42499,CVE-2026-39836.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-129-19506-120-97

Change

cos-dev-133-19804-0-0

Change

Switch cchost-* boards to legacy iptables.

Change

Added support for the R595 Nvidia driver production branch.

Fixed

Added support for NVIDIA driver v535.309.01.

Change

Apply hardening sysctls on cchost boards.

Fixed

Added support for NVIDIA driver v580.159.03.

Change

Dropped support for the NVIDIA 535 drivers.

Fixed

Added support for NVIDIA driver v595.71.05.

Change

Enabled mm hardening kernel cmdlines on cchost.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Change

Increased the size of the EFI partition from 32 MiB to 64 MiB and increased the sizes of both kernel partitions from 16 MiB to 32 MiB on x86.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Change

Switch cchost-* boards to legacy iptables.

Security

Fixed CVE-2025-38584 in the Linux kernel.

Change

Updated the Linux kernel to v6.18.32.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Change

Updated uhaul to v6.18-0.

Security

Fixed CVE-2026-43060 in the Linux kernel.

Change

Upgrade the Linux kernel to version 6.18.

Security

Fixed CVE-2026-43063 in the Linux kernel.

Change

Upgraded sys-apps/xemu to v0.0.9.

Security

Fixed CVE-2026-43065 in the Linux kernel.

Change

Upgraded sys-fs/cryptsetup to v2.8.6.

Security

Fixed CVE-2026-43066 in the Linux kernel.

Change

Upgraded sysram to v6.18-0.

Security

Fixed CVE-2026-43067 in the Linux kernel.

Feature

Added the cos_kernel_args tool that allows manipulating kernel command line arguments of a COS image.

Security

Fixed CVE-2026-43068 in the Linux kernel.

Feature

Added nvidia-fs support to the COS GPU installer.

Security

Fixed CVE-2026-43071 in the Linux kernel.

Security

Fixed CVE-2026-43073 in the Linux kernel.

Security

Fixed CVE-2026-43079 in the Linux kernel.

Fixed

Added support for NVIDIA driver v580.159.03.

Security

Fixed CVE-2026-43085 in the Linux kernel.

Fixed

Added support for NVIDIA driver v595.71.05.

Security

Fixed CVE-2026-43086 in the Linux kernel.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2026-43089 in the Linux kernel.

Fixed

Dropped support for NVIDIA MFT Tools v4.32.0.

Security

Fixed CVE-2026-43090 in the Linux kernel.

Fixed

Upgraded CASFS to v0.1.3.

Security

Fixed CVE-2026-43091 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260227.00.

Security

Fixed CVE-2026-43093 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260430.00.

Security

Fixed CVE-2026-43094 in the Linux kernel.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Security

Fixed CVE-2026-43099 in the Linux kernel.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.6.

Security

Fixed CVE-2026-43107 in the Linux kernel.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Security

Fixed CVE-2026-43112 in the Linux kernel.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Security

Fixed CVE-2026-43114 in the Linux kernel.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r672.

Security

Fixed CVE-2026-43117 in the Linux kernel.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2738.

Security

Fixed CVE-2026-43329 in the Linux kernel.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.04.24.230834-r272.

Security

Fixed CVE-2026-43332 in the Linux kernel.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.05.06.161957-r274.

Security

Fixed CVE-2026-43333 in the Linux kernel.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2973.

Security

Fixed CVE-2026-43336 in the Linux kernel.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2834.

Security

Fixed CVE-2026-43338 in the Linux kernel.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Security

Fixed CVE-2026-43339 in the Linux kernel.

Fixed

Upgraded dev-db/sqlite to v3.53.1.

Security

Fixed CVE-2026-43341 in the Linux kernel.

Fixed

Upgraded dev-libs/expat to v2.8.0.

Security

Fixed CVE-2026-43350 in the Linux kernel.

Fixed

Upgraded dev-libs/expat to v2.8.1.

Security

Fixed CVE-2026-43359 in the Linux kernel.

Fixed

Upgraded net-libs/libnetfilter_queue to v1.0.5-r1.

Security

Fixed CVE-2026-43360 in the Linux kernel.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Security

Fixed CVE-2026-43361 in the Linux kernel.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2026-43362 in the Linux kernel.

Fixed

Upgraded sys-libs/libcap to v2.78.

Security

Fixed CVE-2026-43363 in the Linux kernel.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-43365 in the Linux kernel.

Fixed

Upgraded the dump capture kernel to Linux v6.18.

Security

Fixed CVE-2026-43366 in the Linux kernel.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-43374 in the Linux kernel.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-43383 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43392 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-43393 in the Linux kernel.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-43394 in the Linux kernel.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed CVE-2026-43403 in the Linux kernel.

Security

Fixed EFI variable OOB read in grub config parsing.

Security

Fixed CVE-2026-43409 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Security

Fixed CVE-2026-43438 in the Linux kernel.

Security

Updated go to v1.25.9. This resolves CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144.

Security

Fixed CVE-2026-43439 in the Linux kernel.

Security

Updated the Linux kernel to v6.18.31.

Security

Fixed CVE-2026-43441 in the Linux kernel.

Security

Upgraded containerd to v2.2.3. This fixes CVE-2026-35469.

Security

Fixed CVE-2026-43448 in the Linux kernel.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Security

Fixed CVE-2026-43449 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790.

Security

Fixed CVE-2026-43450 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: dev.raid.sync_io_depth: 32
• Added: fs.dentry-negative: 0
• Added: fs.fanotify.watchdog_timeout: 0
• Added: fs.fuse.default_request_timeout: 0
• Added: fs.fuse.max_request_timeout: 0
• Added: kernel.core_modes: socket
• Added: kernel.hung_task_detect_count: 0
• Added: kernel.panic_sys_info:
• Added: net.ipv4.tcp_ecn_option: 2
• Added: net.ipv4.tcp_ecn_option_beacon: 3
• Added: net.ipv4.tcp_rto_max_ms: 120000
• Added: net.ipv4.tcp_tw_reuse_delay: 1000
• Added: net.ipv6.conf.all.force_forwarding: 0
• Added: net.ipv6.conf.default.force_forwarding: 0
• Added: net.ipv6.conf.docker0.force_forwarding: 0
• Added: net.ipv6.conf.eth0.force_forwarding: 0
• Added: net.ipv6.conf.lo.force_forwarding: 0
• Added: vm.defrag_mode: 0
• Added: vm.vfs_cache_pressure_denom: 100
• Changed: fs.epoll.max_user_watches: 1808517 -> 1808094
• Changed: fs.fanotify.max_user_marks: 68412 -> 68395
• Changed: fs.inotify.max_user_watches: 64189 -> 64173
• Changed: kernel.threads-max: 63178 -> 63459
• Changed: net.core.rmem_max: 212992 -> 4194304
• Changed: net.core.wmem_max: 212992 -> 4194304
• Changed: net.ipv4.tcp_mem: 94017 125357 188034 -> 93993 125327 187986
• Changed: net.ipv4.tcp_rmem: 4096 131072 6291456 -> 4096 131072 33554432
• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 187989 250654 375978
• Changed: net.ipv6.icmp.ratelimit: 1000 -> 100
• Changed: user.max_cgroup_namespaces: 31589 -> 31729
• Changed: user.max_fanotify_marks: 68412 -> 68395
• Changed: user.max_inotify_watches: 64189 -> 64173
• Changed: user.max_ipc_namespaces: 31589 -> 31729
• Changed: user.max_mnt_namespaces: 31589 -> 31729
• Changed: user.max_net_namespaces: 31589 -> 31729
• Changed: user.max_pid_namespaces: 31589 -> 31729
• Changed: user.max_time_namespaces: 31589 -> 31729
• Changed: user.max_user_namespaces: 31589 -> 31729
• Changed: user.max_uts_namespaces: 31589 -> 31729
• Deleted: fs.xfs.irix_sgid_inherit: 0
• Deleted: fs.xfs.irix_symlink_mode: 0
• Deleted: fs.xfs.speculative_cow_prealloc_lifetime: 300
• Deleted: net.netfilter.nf_conntrack_dccp_loose: 1
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_closereq: 64
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_closing: 64
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_open: 43200
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_partopen: 480
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_request: 240
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_respond: 480
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_timewait: 240

Security

Fixed CVE-2026-43451 in the Linux kernel.

Security

Fixed CVE-2026-43452 in the Linux kernel.

Security

Fixed CVE-2026-43453 in the Linux kernel.

Security

Fixed CVE-2026-43466 in the Linux kernel.

Security

Fixed CVE-2026-43469 in the Linux kernel.

Security

Fixed CVE-2026-43470 in the Linux kernel.

Security

Fixed CVE-2026-43472 in the Linux kernel.

Security

Fixed CVE-2026-43475 in the Linux kernel.

Security

Fixed CVE-2026-43482 in the Linux kernel.

Security

Fixed CVE-2026-43486 in the Linux kernel.

Security

Fixed CVE-2026-43487 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-121-18867-381-132

Announcement

This is an LTS Refresh release.

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Security

Fixed CVE-2026-43187 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

Runtime sysctl changes:

• Added: net.ipv4.tcp_pingpong_thresh: 1

Change

cos-125-19216-395-31

Change

Switch cchost-* boards to legacy iptables.

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Added support for NVIDIA driver v595.71.05.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Security

Fixed CVE-2025-38584 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-117-18613-613-15

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-113-18244-582-104

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Change

cos-125-19216-395-7

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-117-18613-613-7

Announcement

Addressed internal infrastructure issues. No substantial change.

Change

cos-beta-129-19506-120-64

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Change

Apply hardening sysctls on cchost boards.

Change

Enabled mm hardening kernel cmdlines on cchost.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31614 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31716 in the Linux kernel.

Security

Fixed CVE-2026-31733 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31774 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43012 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43046 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded cos-gpu-installer to v2.6.8.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

cos-125-19216-395-4

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Change

Apply hardening sysctls on cchost boards.

Change

Enabled mm hardening kernel cmdlines on cchost.

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Fixed

Upgraded dev-libs/expat to v2.7.4.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-31693 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31716 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31774 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43012 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded cos-gpu-installer to v2.6.8.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-381-125

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Security

Fixed CVE-2026-31693 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

cos-117-18613-613-5

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Fixed

Upgraded net-fs/cifs-utils to v7.5.

Fixed

Upgraded sys-libs/talloc to v2.4.4.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded net-libs/libtirpc to v1.3.7-r2.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-35385 in net-misc/openssh.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

Runtime sysctl changes:

• Added: net.ipv4.tcp_pingpong_thresh: 1

Change

cos-113-18244-582-103

Announcement

Security

Fixed CVE-2026-23411 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Change

cos-121-18867-381-121

Security

Fixed CVE-2026-35385 in net-misc/openssh.

Security

Upgraded cos-gpu-installer to v2.6.8.

Change

cos-beta-129-19506-120-52

Feature

Added the cos_kernel_args tool that allows manipulating kernel command line arguments of a COS image.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Security

Fixed CVE-2025-21709 in the Linux kernel.

Security

Fixed CVE-2025-22116 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23157 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-31532 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31554 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31557 in the Linux kernel.

Security

Fixed CVE-2026-31561 in the Linux kernel.

Security

Fixed CVE-2026-31580 in the Linux kernel.

Security

Fixed CVE-2026-31586 in the Linux kernel.

Security

Fixed CVE-2026-31588 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31647 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31677 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-125-19216-220-185

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23157 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23375 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23417 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31554 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31561 in the Linux kernel.

Security

Fixed CVE-2026-31590 in the Linux kernel.

Security

Fixed CVE-2026-31593 in the Linux kernel.

Security

Fixed CVE-2026-31614 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31647 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31677 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-113-18244-582-100

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2025-37980 in the Linux kernel.

Security

Fixed CVE-2026-23268 in the Linux kernel.

Security

Fixed CVE-2026-23269 in the Linux kernel.

Security

Fixed CVE-2026-23403 in the Linux kernel.

Security

Fixed CVE-2026-23404 in the Linux kernel.

Security

Fixed CVE-2026-23405 in the Linux kernel.

Security

Fixed CVE-2026-23406 in the Linux kernel.

Security

Fixed CVE-2026-23407 in the Linux kernel.

Security

Fixed CVE-2026-23408 in the Linux kernel.

Security

Fixed CVE-2026-23409 in the Linux kernel.

Security

Fixed CVE-2026-23410 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Change

cos-121-18867-381-118

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22125 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31429 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded openssl to v3.0.20 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

cos-117-18613-534-110

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22125 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31429 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded openssl to v3.0.20 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

cos-beta-129-19506-120-44

Change

Added support for the R595 Nvidia driver production branch.

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Feature

Enabled CONFIG_SCHED_CLASS_EXT and CONFIG_EXT_GROUP_SCHED.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Fixed

Fixed KCTF-42156f9 in the Linux kernel.

Fixed

Fixed an ext4/jbd2 performance regression on CPU Node.

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2026-23276 in the Linux kernel.

Security

Fixed CVE-2026-23375 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-23417 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23465 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-31406 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31413 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31434 in the Linux kernel.

Security

Fixed CVE-2026-31438 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31448 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31516 in the Linux kernel.

Security

Fixed CVE-2026-31519 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-31528 in the Linux kernel.

Security

Fixed CVE-2026-31531 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-220-180

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Fixed

Fixed an ext4/jbd2 performance regression on CPU Node.

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Change

cos-121-18867-381-113

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Change

cos-117-18613-534-106

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Change

cos-125-19216-220-174

Change

Added support for the R595 Nvidia driver production branch.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Fixed

Fixed KCTF-42156f9 in the Linux kernel.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22116 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23276 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23465 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31406 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-31434 in the Linux kernel.

Security

Fixed CVE-2026-31438 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31448 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31516 in the Linux kernel.

Security

Fixed CVE-2026-31519 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-31528 in the Linux kernel.

Security

Fixed CVE-2026-31531 in the Linux kernel.

Security

Fixed CVE-2026-31557 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

cos-121-18867-381-106

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

cos-117-18613-534-104

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Change

cos-121-18867-381-95

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgraded containerd to v2.0.8. This fixes CVE-2026-35469.

Change

cos-117-18613-534-95

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Updated spdystream to v0.5.1 for containerd. This fixed CVE-2026-35469.

Change

cos-113-18244-582-86

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Updated spdystream to v0.5.1 for containerd. This fixed CVE-2026-35469.

Change

cos-125-19216-220-150

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-7e3955b in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgraded containerd to v2.1.7. This fixes CVE-2026-35469.

Change

cos-beta-129-19506-120-15

Fixed

Upgraded app-admin/fluent-bit to v4.2.4.

Fixed

Upgraded sys-apps/pv to v1.10.4.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-7e3955b in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgrdaed containerd to v2.2.3. This fixes CVE-2026-35469.

Change

cos-beta-129-19506-0-140

Change

cos-dev-133-19700-0-0

Announcement

This is an LTS Refresh release.

Change

Added support for 8th generation TPU devices.

Change

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Feature

Changed default sysctl networking values on A4x-max machine type only.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Feature

Reverted iproute2 to v5.16.0.

Feature

Changed default sysctl networking values on A4x-max machine type only.

Fixed

Upgraded app-arch/unzip to v6.0_p29-r2.

Feature

Reverted iproute2 to v5.16.0.

Fixed

Upgraded app-containers/cni-plugins to v1.9.1.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtual queues are conditionally skipped.

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-apps/pv to v1.10.4.

Fixed

Upgraded sys-libs/zlib to v1.3.2-r1.

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-process/procps to v4.0.6.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-121-18867-381-81

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-117-18613-534-80

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23244 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-113-18244-582-80

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-125-19216-220-130

Feature

Changed default sysctl networking values on A4x-max machine type only.

Feature

Reverted iproute2 to v5.16.0.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Change

cos-117-18613-534-62

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Change

cos-113-18244-582-62

Security

Fixed CVE-2025-38192 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

cos-121-18867-381-63

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Change

cos-beta-129-19506-0-121

Change

cos-dev-133-19681-0-0

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Change

Fixes a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-117

Change

Made it so that /dev/hugepages is mounted as noexec for cchost boards.

Change

Made it so that /mnt/disks is mounted as noexec for cchost boards.

Change

Made it so that /run is mounted as noexec for cchost boards.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-115

Change

cos-dev-133-19672-0-0

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-106

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-109

Change

cos-dev-133-19666-0-0

Change

Fixed CVE-2026-27135 in net-libs/nghttp2.

Change

Updated the Linux kernel to v6.12.77.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-125-19216-220-99

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-121-18867-381-56

Feature

Added support for loading the ublk kernel module.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-117-18613-534-53

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23351 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-113-18244-582-55

Fixed

Updated cos-gpu-installer to v2.6.1.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63503 -> 63215
• Changed: user.max_cgroup_namespaces: 31751 -> 31607
• Changed: user.max_ipc_namespaces: 31751 -> 31607
• Changed: user.max_mnt_namespaces: 31751 -> 31607
• Changed: user.max_net_namespaces: 31751 -> 31607
• Changed: user.max_pid_namespaces: 31751 -> 31607
• Changed: user.max_time_namespaces: 31751 -> 31607
• Changed: user.max_user_namespaces: 31751 -> 31607
• Changed: user.max_uts_namespaces: 31751 -> 31607

Change

cos-beta-129-19506-0-98

Change

Added support for the Lustre 2.14.0_p249 drivers.

Change

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Feature

Added support for loading the ublk kernel module.

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-48

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

cos-125-19216-220-87

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-dev-133-19654-0-0

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded dev-db/sqlite to v3.51.3.

Fixed

Upgraded dev-libs/expat to v2.7.5.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to v2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-125-19216-220-72

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-381-45

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2025-69648 in binutils-libs.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-dev-133-19633-0-0

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for 8th generation TPU devices.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.03.03.162944-r270.

Fixed

Upgraded dev-libs/expat to v2.7.4.

Fixed

Upgraded net-firewall/iptables to v1.8.13.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-44

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-113-18244-582-47

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2024-26822 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-beta-129-19506-0-66

Change

cos-dev-133-19619-0-0

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Breaking

/dev/hugepages is now mounted with the noexec option.

Breaking

/dev/hugepages is now mounted with the noexec option.

Change

Updated cos-gpu-installer to v2.6.0.

Breaking

/run is now mounted with the noexec option.

Change

Updated the Linux kernel to v6.12.76.

Change

Updated cos-gpu-installer to v2.6.0.

Change

Upgraded CASFS to v0.1.2.

Change

Upgraded CASFS to v0.1.2.

Feature

Switched to using systemd-resolved stub resolver by default, which fixes DNS caching issues.

Change

Upgraded app-containers/containerd to v2.2.2.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Change

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Upgraded dev-util/gn to v2331.

Fixed

Fixed performance and efficiency issues in TCPX through optimized netmem handling and scatter-gather list coalescing for large memory mappings.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/file to v5.47.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Fixed

Upgraded dev-utils/gdbus-codegen to v2.86.3.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Fixed

Upgraded app-admin/fluent-bit to v4.2.3.1.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Fixed CVE-2026-23240 in the Linux kernel.

Security

Fixed a packet header clobbering issue in the IDPF driver occurring when SWIOTLB and header split are enabled.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-121-18867-381-35

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Change

cos-117-18613-534-36

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38162 in the Linux kernel.

Change

cos-113-18244-582-42

Security

Fixed CVE-2026-23054 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-125-19216-220-57

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Fixed

Downgraded ek-cpu-balloon driver to version 1.1.0 to address efficiency daemon issues.

Change

cos-113-18244-582-40

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2023-53421 in the Linux kernel.

Security

Fixed CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 in dev-libs/glib.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38591 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Change

cos-117-18613-534-35

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3 and gdbus-codegen to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-30

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

cos-125-19216-220-43

Change

Updated cos-gpu-installer to v2.6.0.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-125-19216-220-39

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-220-38

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-113-18244-582-29

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded net-dns/c-ares to v1.31.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Security

Fixed CVE-2026-23145 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-125-19216-220-34

Change

Added support for the Lustre 2.14.0_p246 drivers.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-24

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-117-18613-534-24

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-121-18867-381-14

Change

Added support for the Lustre 2.14.0_p246 drivers.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-beta-129-19506-0-32

Change

cos-dev-133-19566-0-0

Change

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Change

Made it so that /run is mounted as noexec.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Change

Updated the Linux kernel to v6.12.74.

Security

Fixed CVE-2025-68358 in the Linux kernel.

Change

Upgraded containerd to v2.2.1.

Security

Fixed CVE-2025-68365 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Security

Fixed CVE-2025-68725 in the Linux kernel.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-agent to v20260121.00.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260128.00.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260129.00.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.6.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23177 in the Linux kernel.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2025-40147 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-125-19216-220-24

Change

Fixed CVE-2026-23177 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-47912, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61726, and CVE-2025-61728 in dev-lang/go.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-113-18244-582-11

Security

Fixed CVE-2023-54285 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23025 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Change

cos-117-18613-534-15

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23209 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-121-18867-381-1

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-beta-129-19506-0-17

Breaking

Removed the root file system copies of kubectl, kubelet, crictl, and node-problem-detector in GKE only.

Change

Added kernel support for bare-metal on the NVIDIA Grace platform.

Change

Added support for A4X-Max NICs.

Change

Applied ethtool ring length changes to a4x's first Diorite interface.

Change

Enabled Coherent Driver Memory Management by default when installing GPU drivers on GB2000.

Change

Changed the mount options for /mnt/disks to noexec.

Change

Updated CONFIG_BLK_DEV_LOOP_MIN_COUNT to 0. This allows unlimited loop devices.

Change

Updated app-containers/containerd to v2.2.0.

Change

Updated app-containers/runc to v1.4.0.

Change

Updated dev-libs/openssl to v3.5.4.

Change

Updated the Linux kernel to v6.12.67.

Change

Upgraded dev-libs/json-c from 0.16-r1 to 0.18.0.

Change

Upgraded dev-libs/libuv from 1.43.0 to 1.51.0-r1.

Change

Upgraded dev-util/cmake from 3.26.4 to 3.31.9.

Feature

Added CPU balloon support for ARM CPUs.

Feature

Added ConnectX-8 RDMA support.

Feature

Added GB300 support to cos-extensions.

Feature

Added GDRCopy kernel module for NVIDIA drivers.

Feature

Added IPv6 support for machines using the IDPF driver.

Feature

Added TDX RTMR support.

Feature

Added guest support for paravirtualization of cpuids on ARM machines.

Feature

Added iRDMA support in the Linux kernel.

Feature

Added patches to handle IDPF tx timeouts.

Feature

Added support for CASFS (Content Addressable Storage File System) as a kernel module.

Feature

Added support for NVIDIA GB300 devices.

Feature

Added support for NVIDIA MFT Tools on arm64.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Feature

Added support for SCSI logging.

Feature

Added support for the Lustre 2.14.0_p224 drivers.

Feature

Added support for the fwctl subsystem and the Mellanox fwctl driver for ARM64.

Feature

Added support for zswap in the Linux kernel.

Feature

Backported support for AMD SEV-SNP SVSM vTPM driver and configfs-tsm addition for extended attestation protocol.

Feature

Configured the cos-gpu-installer to use R580 drivers as the default GPU drivers.

Feature

Disabled DNSSEC by default for COS TPU VMs.

Feature

Enabled HTCP TCP congestion control algorithm as a module.

Feature

Enabled KVM for COS ARM64.

Feature

Enabled Software Watchdog as a module.

Feature

Enabled automatic loading of RDMA kernel modules when CX-8 devices are detected.

Feature

Enabled dynamic vlan configuration for non-primary NICs.

Feature

Enabled hardware optimized SHA256 algorithms for x86 machines with SSSE3 and AVX/AVX2 instructions and ARM64 machines with SHA-NI and ARMv8 Crypto Extensions.

Feature

Enabled the Btrfs kernel module.

Feature

Enabled the google-guest-agent's network management functionality.

Feature

Fixed a bug in cos-extensions which would cause GB200 and GB300 devices not to be detected in one code path, which would result in Imex channels not being created by default.

Feature

Removed the cloud-final.service dependency on multi-user.target which could delay cloud-init user-data scripts indefinitely when long-running startup scripts are used.

Feature

Removed the futility program from the root file system.

Fixed

Add support for NVIDIA MFT Tools v4.33.0.

Fixed

Added binary auth-provider-gcp.

Fixed

Added support for NVIDIA driver v535.274.02 and v570.195.03.

Fixed

Added support for the Lustre 2.14.0_p216 drivers.

Fixed

Backported various TCPDirect networking fixes.

Fixed

Enabled multiport support for CX-8 devices.

Fixed

Fixed a TCPX bug which would sometimes incorrectly report devices as being missing when route cache entries were missing or invalidated.

Fixed

Fixed a bug where setting MTU above 9000 on ARM systems with a 64k page size would cause IDPF networking to fail.

Fixed

Fixed a kernel bug which caused boot to fail for n4 machine types.

Fixed

Fixed an issue in app-containers/runc that caused runc to use more file descriptors than intended.

Fixed

Fixed an issue where cpusets cgroups did not work with cgroup v1 enabled.

Fixed

Fixed an issue where the cpuidle driver selected for some machine types would cause inflated reports of high CPU usage.

Fixed

Fixed bcache latency spikes.

Fixed

Installed app-misc/c_rehash.

Fixed

Made CX-8 NIC naming order deterministic.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Fixed

Partially fixed an issue where excessive contention among writeback kworkers when switching a large number of inodes between cgroups could lead to system unresponsiveness.

Fixed

Reduced gcr_wait_online retry gap.

Fixed

Removed an artifact registry ping that would delay multi-user.target indefinitely for machines with no external IP address.

Fixed

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Fixed

Reverted a containerd change which reduced the default soft file descriptor limit for processes in containers to 1024.

Fixed

Updated app-admin/node-problem-detector to 0.8.21.

Fixed

Updated app-containers/cni-plugins to 1.7.1.

Fixed

Updated app-containers/cri-tools to 1.32.0.

Fixed

Updated cos-gpu-installer to v2.5.10.

Fixed

Updated dev-python/requests to v2.32.4.

Fixed

Updated golang.org/x/crypto, golang.org/x/net, and golang.org/x/oauth2 in kubelet and kubectl.

Fixed

Updated golang.org/x/oauth2, golang.org/x/net, golang.org/x/crypto, and github.com/golang-jwt/jwt/v5 in Docker.

Fixed

Updated kubelet and kubectl to v1.35.0.

Fixed

Updated net-misc/chrony to v4.8.

Fixed

Updated sys-libs/readline to v8.3.

Fixed

Updated app-admin/google-osconfig-agent to v20250522.00.

Fixed

Updated the dump capture kernel to v6.12.52.

Fixed

Updated toolbox container image tag to v20251002.

Fixed

Upgraded app-admin/fluent-bit to v4.2.2.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded app-admin/oslogin to v20260116.00.

Fixed

Upgraded app-admin/sosreport to v4.10.2.

Fixed

Upgraded app-admin/sudo to v1.9.17_p2.

Fixed

Upgraded app-benchmarks/microbenchmarks to v0.0.1-r21.

Fixed

Upgraded app-containers/cni-plugins to v1.9.0.

Fixed

Upgraded app-containers/docker-credential-gcr to v2.1.31

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.5.

Fixed

Upgraded app-crypt/mit-krb5 from version 1.20.1 to version 1.22.1.

Fixed

Upgraded app-emulation/cloud-init to v25.1.4.

Fixed

Upgraded app-shells/bash to v5.3.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r668.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r671.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2737.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.01.16.201758-r268.

Fixed

Upgraded chromeos-base/minijail to v18-r168.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2972.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2833.

Fixed

Upgraded chromeos-base/shill-client to v0.0.1-r4879.

Fixed

Upgraded dev-db/sqlite to v3.50.3.

Fixed

Upgraded dev-db/sqlite to v3.50.4.

Fixed

Upgraded dev-db/sqlite to v3.51.1.

Fixed

Upgraded dev-lang/go to v1.23.11.

Fixed

Upgraded dev-lang/go to v1.23.12.

Fixed

Upgraded dev-libs/expat to v2.7.3.

Fixed

Upgraded dev-libs/libxslt to version 1.1.43-r1.

Fixed

Upgraded dev-libs/nss to 3.117 and dev-libs/nspr to 4.37.

Fixed

Upgraded dev-libs/openssl to 3.5.1.

Fixed

Upgraded dev-python/coverage to v7.10.7.

Fixed

Upgraded google-guest-configs to v20260121.00.

Fixed

Upgraded net-dns/c-ares to v1.34.6.

Fixed

Upgraded net-libs/gnutls to v3.8.11.

Fixed

Upgraded net-libs/libtirpc to v1.3.7-r2.

Fixed

Upgraded net-misc/curl from 8.12.1 to 8.17.0.

Fixed

Upgraded net-misc/openssh to 10.0_p1.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded net-misc/wget to v1.25.0-r1.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/dmidecode to v3.7.

Fixed

Upgraded sys-apps/file to v5.46-r3.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-apps/hwdata to v0.400.

Fixed

Upgraded sys-apps/kmod to v34.2.

Fixed

Upgraded sys-apps/less to v692.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.8.

Fixed

Upgraded sys-apps/nvme-cli from version 1.6-r1 to version 2.16, added package sys-libs/libnvme.

Fixed

Upgraded sys-apps/pv to v1.10.1.

Fixed

Upgraded sys-apps/pv to v1.10.2.

Fixed

Upgraded sys-apps/pv to v1.10.3.

Fixed

Upgraded sys-apps/pv to v1.9.34.

Fixed

Upgraded sys-apps/pv to v1.9.42.

Fixed

Upgraded sys-apps/pv to v1.9.44.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/audit to 4.0.2-r1.

Fixed

Upgraded sys-process/lsof to v4.99.5.

Fixed

Upgraded sys-process/procps to v4.0.5-r3.

Fixed

Upgraded virtual/logger to v0-r2.

Fixed

upgraded net-fs/cifs-utils to v7.4.

Security

Added support for Nvidia driver version 535.261.03. This fixes CVE-2025-23286 and CVE-2025-23279.

Security

Added support for Nvidia driver version 570.172.08. This fixes CVE-2025-23279.

Security

Fixed CVE-2025-11081, CVE-2025-11082 and CVE-2025-11083 in sys-libs/binutils-libs.

Security

Fixed CVE-2025-11412 in binutils-libs.

Security

Fixed CVE-2025-11413 and CVE-2025-11414 in binutils-libs.

Security

Fixed CVE-2025-11494 in binutils-libs.

Security

Fixed CVE-2025-11495 in binutils-libs.

Security

Fixed CVE-2025-12084 in dev-lang/python.

Security

Fixed CVE-2025-13836 in dev-lang/python.

Security

Fixed CVE-2025-13837 in dev-lang/python.

Security

Fixed CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 in app-containers/runc.

Security

Fixed CVE-2025-40147 in the Linux kernel.

Security

Fixed CVE-2025-40212 in the Linux kernel.

Security

Fixed CVE-2025-40256 in the Linux kernel.

Security

Fixed CVE-2025-47914 and CVE-2025-58181 in dev-go/crypto.

Security

Fixed CVE-2025-6052 in dev-libs/glib.

Security

Fixed CVE-2025-61727 in dev-lang/go.

Security

Fixed CVE-2025-61729 in dev-lang/go.

Security

Fixed CVE-2025-66471 and CVE-2025-66418 in dev-python/urllib3.

Security

Fixed CVE-2025-8058 in glibc.

Security

Fixed CVE-2026-21441 in dev-python/urllib3.

Security

Fixed KCTF-01d3c84 in the Linux kernel.

Security

Fixed KCTF-134121b in the Linux kernel.

Security

Fixed KCTF-2397e92 in the Linux kernel.

Security

Fixed KCTF-50da4b9 in the Linux kernel.

Security

Fixed KCTF-60e6489 in the Linux Kernel.

Security

Fixed KCTF-6bb73db in the Linux Kernel.

Security

Fixed KCTF-abad3d0 in the Linux kernel.

Security

Fixed KCTF-b441cf3 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Updated dev-python/jinja to v3.1.6. This resolves CVE-2024-56326, CVE-2024-56201 and CVE-2025-27516.

Security

Updated dev-python/urllib3 to v2.5.0. This resolves CVE-2025-50181.

Security

Updated sys-apps/coreutils to v9.5. This resolves CVE-2024-0684.

Security

Upgraded dev-libs/glib to 2.82.5. This resolves CVE-2024-52533.

Security

Upgraded dev-vcs/git to version 2.49.1. This fixes CVE-2025-48385, CVE-2025-27613, CVE-2025-27614, CVE-2025-48384, CVE-2025-46835.

Security

Upgraded net-misc/netplan to 1.1.2. This fixes CVE-2022-4968.

Security

Upgraded open-vm-tools to 13.0.5. This fixes CVE-2025-41244 in anthos variant.

Security

Upgraded sys-libs/binutils-libs to version 2.45. This fixes CVE-2025-8224,CVE-2025-8225 and CVE-2025-1153.

Security

Upgraded urllib3 to version 1.26.18. This fixes CVE-2021-33503, CVE-2023-43804, and CVE-2023-45803.

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068