Change

cos-125-19216-395-73

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43492 in the Linux kernel.

Security

Fixed CVE-2026-43496 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-43503 in the Linux kernel.

Security

Fixed CVE-2026-45837 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46061 in the Linux kernel.

Security

Fixed CVE-2026-46062 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46072 in the Linux kernel.

Security

Fixed CVE-2026-46076 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46108 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46128 in the Linux kernel.

Security

Fixed CVE-2026-46129 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46135 in the Linux kernel.

Security

Fixed CVE-2026-46139 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46159 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46177 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46193 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46243 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

Change

cos-129-19506-224-16

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Change

cos-121-18867-381-162

Change

cos-121-18867-381-161

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-43503 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

Change

cos-117-18613-613-40

Change

Updated minijail to r188.

Security

Fixed CVE-2026-43303 in the Linux kernel.

Security

Fixed CVE-2026-43499 in the Linux kernel.

Security

Fixed CVE-2026-45838 in the Linux kernel.

Security

Fixed CVE-2026-45839 in the Linux kernel.

Security

Fixed CVE-2026-45841 in the Linux kernel.

Security

Fixed CVE-2026-45842 in the Linux kernel.

Security

Fixed CVE-2026-45843 in the Linux kernel.

Security

Fixed CVE-2026-45844 in the Linux kernel.

Security

Fixed CVE-2026-45987 in the Linux kernel.

Security

Fixed CVE-2026-45991 in the Linux kernel.

Security

Fixed CVE-2026-45997 in the Linux kernel.

Security

Fixed CVE-2026-46005 in the Linux kernel.

Security

Fixed CVE-2026-46015 in the Linux kernel.

Security

Fixed CVE-2026-46021 in the Linux kernel.

Security

Fixed CVE-2026-46033 in the Linux kernel.

Security

Fixed CVE-2026-46037 in the Linux kernel.

Security

Fixed CVE-2026-46040 in the Linux kernel.

Security

Fixed CVE-2026-46046 in the Linux kernel.

Security

Fixed CVE-2026-46050 in the Linux kernel.

Security

Fixed CVE-2026-46051 in the Linux kernel.

Security

Fixed CVE-2026-46065 in the Linux kernel.

Security

Fixed CVE-2026-46070 in the Linux kernel.

Security

Fixed CVE-2026-46082 in the Linux kernel.

Security

Fixed CVE-2026-46086 in the Linux kernel.

Security

Fixed CVE-2026-46089 in the Linux kernel.

Security

Fixed CVE-2026-46094 in the Linux kernel.

Security

Fixed CVE-2026-46101 in the Linux kernel.

Security

Fixed CVE-2026-46102 in the Linux kernel.

Security

Fixed CVE-2026-46106 in the Linux kernel.

Security

Fixed CVE-2026-46107 in the Linux kernel.

Security

Fixed CVE-2026-46115 in the Linux kernel.

Security

Fixed CVE-2026-46116 in the Linux kernel.

Security

Fixed CVE-2026-46120 in the Linux kernel.

Security

Fixed CVE-2026-46124 in the Linux kernel.

Security

Fixed CVE-2026-46131 in the Linux kernel.

Security

Fixed CVE-2026-46132 in the Linux kernel.

Security

Fixed CVE-2026-46149 in the Linux kernel.

Security

Fixed CVE-2026-46150 in the Linux kernel.

Security

Fixed CVE-2026-46155 in the Linux kernel.

Security

Fixed CVE-2026-46161 in the Linux kernel.

Security

Fixed CVE-2026-46172 in the Linux kernel.

Security

Fixed CVE-2026-46173 in the Linux kernel.

Security

Fixed CVE-2026-46174 in the Linux kernel.

Security

Fixed CVE-2026-46176 in the Linux kernel.

Security

Fixed CVE-2026-46185 in the Linux kernel.

Security

Fixed CVE-2026-46195 in the Linux kernel.

Security

Fixed CVE-2026-46196 in the Linux kernel.

Security

Fixed CVE-2026-46209 in the Linux kernel.

Security

Fixed CVE-2026-46214 in the Linux kernel.

Security

Fixed CVE-2026-46234 in the Linux kernel.

Security

Fixed CVE-2026-46300 in the Linux kernel.

Change

cos-121-18867-381-148

Change

Added dev-libs/mpdecimal and dev-python/gentoo-common.

Change

Updated app-containers/runc from v1.2.8 to v1.2.9

Change

Updated dev-lang/python to v3.11.15.

Fixed

Added support for NVIDIA driver v580.159.04.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Security

Fixed EFI variable OOB read in grub config parsing.

Change

cos-125-19216-395-55

Change

Allow overriding IMA policy from oem partition.

Change

On cchost boards, autoload IMA policy on boot.

Change

Set static UUID for the stateful partition.

Fixed

Added support for NVIDIA driver v580.159.04.

Change

cos-117-18613-613-29

Change

Updated Python to v3.8.20.

Change

Updated app-containers/runc from v1.2.8 to v1.2.9

Fixed

Added support for NVIDIA driver v580.159.04.

Security

Fixed EFI variable OOB read in grub config parsing.

Change

cos-129-19506-224-7

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Fixed

Added support for NVIDIA driver v580.159.04.

Change

cos-129-19506-120-115

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Added support for the swiotlb=any kernel command line parameter.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded net-misc/openssh to v10.0_p2.

Fixed

Fixed a crash that occurs when using the configfile or source GRUB2 commands when Secure Boot is enabled.

Fixed

Fixed a race condition triggered by ext4 online resize that rarely causes machines to fail to boot.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-31419 in the Linux kernel.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43074 in the Linux kernel.

Security

Fixed CVE-2026-43088 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed EFI variable OOB read in grub config parsing.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-32289,CVE-2026-32282,CVE-2026-32288,CVE-2026-27142,CVE-2025-61728,CVE-2026-27139,CVE-2026-39817,CVE-2026-39819,CVE-2025-68119,CVE-2025-61732,CVE-2026-32280,CVE-2026-25679,CVE-2026-27144,CVE-2026-32283,CVE-2026-27140,CVE-2025-61731,CVE-2026-32281,CVE-2025-61726,CVE-2025-68121,CVE-2026-27143,CVE-2026-39826,CVE-2026-39823,CVE-2026-39825,CVE-2026-33814,CVE-2026-39820,CVE-2026-42499,CVE-2026-39836.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-125-19216-395-47

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Added support for the swiotlb=any kernel command line parameter.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Upgrade app-admin/fluent-bit to v3.2.10

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded net-misc/openssh to v10.0_p2.

Fixed

Fixed a crash that occurs when using the configfile or source GRUB2 commands when Secure Boot is enabled.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-31419 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43088 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-42499,CVE-2026-39820,CVE-2026-39826,CVE-2026-33814,CVE-2026-39836,CVE-2026-39823,CVE-2026-39825,CVE-2026-39817,CVE-2026-39819.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-121-18867-381-144

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Update sys-process/audit to v3.0.9.

Change

Upgrade app-admin/fluent-bit to v3.2.10

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Fixed

Upgraded cos-gpu-installer to v2.7.2.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43109 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-33814,CVE-2026-39823,CVE-2026-39826,CVE-2026-39817,CVE-2026-39819,CVE-2026-39820,CVE-2026-39836,CVE-2026-42499,CVE-2026-39825.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-117-18613-613-25

Announcement

This update contains several package upgrades to the latest patch version to ensure security, along with package patches for known CVEs.

Change

Update sys-process/audit to v3.0.9.

Change

Updated glib to v2.86.5.

Change

Updated sys-libs/pam to v1.5.3.

Change

Upgraded app-containers/containerd from v1.7.29 to v1.7.31.

Security

Fixed CVE-2026-23171 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31709 in the Linux kernel.

Security

Fixed CVE-2026-43109 in the Linux kernel.

Security

Fixed CVE-2026-44431 in dev-python/urllib3.

Security

Fixed CVE-2026-6732 in dev-libs/libxml2.

Security

Fixed KCTF-9e6bf14 in the Linux kernel.

Security

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-39817,CVE-2026-39825,CVE-2026-33814,CVE-2026-39819,CVE-2026-39826,CVE-2026-39823,CVE-2026-39820,CVE-2026-42499,CVE-2026-39836.

Security

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.

Change

cos-129-19506-120-97

Change

cos-dev-133-19804-0-0

Change

Switch cchost-* boards to legacy iptables.

Change

Added support for the R595 Nvidia driver production branch.

Fixed

Added support for NVIDIA driver v535.309.01.

Change

Apply hardening sysctls on cchost boards.

Fixed

Added support for NVIDIA driver v580.159.03.

Change

Dropped support for the NVIDIA 535 drivers.

Fixed

Added support for NVIDIA driver v595.71.05.

Change

Enabled mm hardening kernel cmdlines on cchost.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Change

Increased the size of the EFI partition from 32 MiB to 64 MiB and increased the sizes of both kernel partitions from 16 MiB to 32 MiB on x86.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Change

Switch cchost-* boards to legacy iptables.

Security

Fixed CVE-2025-38584 in the Linux kernel.

Change

Updated the Linux kernel to v6.18.32.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Change

Updated uhaul to v6.18-0.

Security

Fixed CVE-2026-43060 in the Linux kernel.

Change

Upgrade the Linux kernel to version 6.18.

Security

Fixed CVE-2026-43063 in the Linux kernel.

Change

Upgraded sys-apps/xemu to v0.0.9.

Security

Fixed CVE-2026-43065 in the Linux kernel.

Change

Upgraded sys-fs/cryptsetup to v2.8.6.

Security

Fixed CVE-2026-43066 in the Linux kernel.

Change

Upgraded sysram to v6.18-0.

Security

Fixed CVE-2026-43067 in the Linux kernel.

Feature

Added the cos_kernel_args tool that allows manipulating kernel command line arguments of a COS image.

Security

Fixed CVE-2026-43068 in the Linux kernel.

Feature

Added nvidia-fs support to the COS GPU installer.

Security

Fixed CVE-2026-43071 in the Linux kernel.

Security

Fixed CVE-2026-43073 in the Linux kernel.

Security

Fixed CVE-2026-43079 in the Linux kernel.

Fixed

Added support for NVIDIA driver v580.159.03.

Security

Fixed CVE-2026-43085 in the Linux kernel.

Fixed

Added support for NVIDIA driver v595.71.05.

Security

Fixed CVE-2026-43086 in the Linux kernel.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2026-43089 in the Linux kernel.

Fixed

Dropped support for NVIDIA MFT Tools v4.32.0.

Security

Fixed CVE-2026-43090 in the Linux kernel.

Fixed

Upgraded CASFS to v0.1.3.

Security

Fixed CVE-2026-43091 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260227.00.

Security

Fixed CVE-2026-43093 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260430.00.

Security

Fixed CVE-2026-43094 in the Linux kernel.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Security

Fixed CVE-2026-43099 in the Linux kernel.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.6.

Security

Fixed CVE-2026-43107 in the Linux kernel.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Security

Fixed CVE-2026-43112 in the Linux kernel.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Security

Fixed CVE-2026-43114 in the Linux kernel.

Fixed

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r672.

Security

Fixed CVE-2026-43117 in the Linux kernel.

Fixed

Upgraded chromeos-base/debugd-client to v0.0.1-r2738.

Security

Fixed CVE-2026-43329 in the Linux kernel.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.04.24.230834-r272.

Security

Fixed CVE-2026-43332 in the Linux kernel.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.05.06.161957-r274.

Security

Fixed CVE-2026-43333 in the Linux kernel.

Fixed

Upgraded chromeos-base/power_manager-client to v0.0.1-r2973.

Security

Fixed CVE-2026-43336 in the Linux kernel.

Fixed

Upgraded chromeos-base/session_manager-client to v0.0.1-r2834.

Security

Fixed CVE-2026-43338 in the Linux kernel.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Security

Fixed CVE-2026-43339 in the Linux kernel.

Fixed

Upgraded dev-db/sqlite to v3.53.1.

Security

Fixed CVE-2026-43341 in the Linux kernel.

Fixed

Upgraded dev-libs/expat to v2.8.0.

Security

Fixed CVE-2026-43350 in the Linux kernel.

Fixed

Upgraded dev-libs/expat to v2.8.1.

Security

Fixed CVE-2026-43359 in the Linux kernel.

Fixed

Upgraded net-libs/libnetfilter_queue to v1.0.5-r1.

Security

Fixed CVE-2026-43360 in the Linux kernel.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Security

Fixed CVE-2026-43361 in the Linux kernel.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2026-43362 in the Linux kernel.

Fixed

Upgraded sys-libs/libcap to v2.78.

Security

Fixed CVE-2026-43363 in the Linux kernel.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-43365 in the Linux kernel.

Fixed

Upgraded the dump capture kernel to Linux v6.18.

Security

Fixed CVE-2026-43366 in the Linux kernel.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-43374 in the Linux kernel.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-43383 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43392 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-43393 in the Linux kernel.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-43394 in the Linux kernel.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed CVE-2026-43403 in the Linux kernel.

Security

Fixed EFI variable OOB read in grub config parsing.

Security

Fixed CVE-2026-43409 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Security

Fixed CVE-2026-43438 in the Linux kernel.

Security

Updated go to v1.25.9. This resolves CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144.

Security

Fixed CVE-2026-43439 in the Linux kernel.

Security

Updated the Linux kernel to v6.18.31.

Security

Fixed CVE-2026-43441 in the Linux kernel.

Security

Upgraded containerd to v2.2.3. This fixes CVE-2026-35469.

Security

Fixed CVE-2026-43448 in the Linux kernel.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Security

Fixed CVE-2026-43449 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790.

Security

Fixed CVE-2026-43450 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: dev.raid.sync_io_depth: 32
• Added: fs.dentry-negative: 0
• Added: fs.fanotify.watchdog_timeout: 0
• Added: fs.fuse.default_request_timeout: 0
• Added: fs.fuse.max_request_timeout: 0
• Added: kernel.core_modes: socket
• Added: kernel.hung_task_detect_count: 0
• Added: kernel.panic_sys_info:
• Added: net.ipv4.tcp_ecn_option: 2
• Added: net.ipv4.tcp_ecn_option_beacon: 3
• Added: net.ipv4.tcp_rto_max_ms: 120000
• Added: net.ipv4.tcp_tw_reuse_delay: 1000
• Added: net.ipv6.conf.all.force_forwarding: 0
• Added: net.ipv6.conf.default.force_forwarding: 0
• Added: net.ipv6.conf.docker0.force_forwarding: 0
• Added: net.ipv6.conf.eth0.force_forwarding: 0
• Added: net.ipv6.conf.lo.force_forwarding: 0
• Added: vm.defrag_mode: 0
• Added: vm.vfs_cache_pressure_denom: 100
• Changed: fs.epoll.max_user_watches: 1808517 -> 1808094
• Changed: fs.fanotify.max_user_marks: 68412 -> 68395
• Changed: fs.inotify.max_user_watches: 64189 -> 64173
• Changed: kernel.threads-max: 63178 -> 63459
• Changed: net.core.rmem_max: 212992 -> 4194304
• Changed: net.core.wmem_max: 212992 -> 4194304
• Changed: net.ipv4.tcp_mem: 94017 125357 188034 -> 93993 125327 187986
• Changed: net.ipv4.tcp_rmem: 4096 131072 6291456 -> 4096 131072 33554432
• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 187989 250654 375978
• Changed: net.ipv6.icmp.ratelimit: 1000 -> 100
• Changed: user.max_cgroup_namespaces: 31589 -> 31729
• Changed: user.max_fanotify_marks: 68412 -> 68395
• Changed: user.max_inotify_watches: 64189 -> 64173
• Changed: user.max_ipc_namespaces: 31589 -> 31729
• Changed: user.max_mnt_namespaces: 31589 -> 31729
• Changed: user.max_net_namespaces: 31589 -> 31729
• Changed: user.max_pid_namespaces: 31589 -> 31729
• Changed: user.max_time_namespaces: 31589 -> 31729
• Changed: user.max_user_namespaces: 31589 -> 31729
• Changed: user.max_uts_namespaces: 31589 -> 31729
• Deleted: fs.xfs.irix_sgid_inherit: 0
• Deleted: fs.xfs.irix_symlink_mode: 0
• Deleted: fs.xfs.speculative_cow_prealloc_lifetime: 300
• Deleted: net.netfilter.nf_conntrack_dccp_loose: 1
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_closereq: 64
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_closing: 64
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_open: 43200
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_partopen: 480
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_request: 240
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_respond: 480
• Deleted: net.netfilter.nf_conntrack_dccp_timeout_timewait: 240

Security

Fixed CVE-2026-43451 in the Linux kernel.

Security

Fixed CVE-2026-43452 in the Linux kernel.

Security

Fixed CVE-2026-43453 in the Linux kernel.

Security

Fixed CVE-2026-43466 in the Linux kernel.

Security

Fixed CVE-2026-43469 in the Linux kernel.

Security

Fixed CVE-2026-43470 in the Linux kernel.

Security

Fixed CVE-2026-43472 in the Linux kernel.

Security

Fixed CVE-2026-43475 in the Linux kernel.

Security

Fixed CVE-2026-43482 in the Linux kernel.

Security

Fixed CVE-2026-43486 in the Linux kernel.

Security

Fixed CVE-2026-43487 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-121-18867-381-132

Announcement

This is an LTS Refresh release.

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Upgraded app-admin/google-guest-configs to v20251014.00.

Fixed

Upgraded app-containers/docker-credential-helpers to v0.9.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded net-libs/libtirpc to v1.3.7.

Fixed

Upgraded net-nds/rpcbind to v1.2.8.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.4.

Fixed

Upgraded sys-auth/pambase to v20251104.

Fixed

Upgraded sys-libs/libcap to v2.77.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Security

Fixed CVE-2026-43187 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

Runtime sysctl changes:

• Added: net.ipv4.tcp_pingpong_thresh: 1

Change

cos-125-19216-395-31

Change

Switch cchost-* boards to legacy iptables.

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Added support for NVIDIA driver v595.71.05.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Fixed

Upgraded net-misc/rsync to v3.4.2.

Security

Fixed CVE-2025-38584 in the Linux kernel.

Security

Fixed CVE-2026-23473 in the Linux kernel.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-117-18613-613-15

Fixed

Added support for NVIDIA driver v535.309.01.

Fixed

Added support for NVIDIA driver v580.159.03.

Fixed

Upgraded app-shells/dash to v0.5.13.4.

Fixed

Upgraded cos-gpu-installer to v2.7.1.

Security

Fixed CVE-2026-46333 in the Linux kernel.

Security

Fixed argument injection in toolbox.

Change

cos-113-18244-582-104

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Change

cos-125-19216-395-7

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-117-18613-613-7

Announcement

Addressed internal infrastructure issues. No substantial change.

Change

cos-beta-129-19506-120-64

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Change

Apply hardening sysctls on cchost boards.

Change

Enabled mm hardening kernel cmdlines on cchost.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31614 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31716 in the Linux kernel.

Security

Fixed CVE-2026-31733 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31774 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43012 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43046 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded cos-gpu-installer to v2.6.8.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

cos-125-19216-395-4

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Change

Apply hardening sysctls on cchost boards.

Change

Enabled mm hardening kernel cmdlines on cchost.

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Fixed

Upgraded dev-libs/expat to v2.7.4.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-31693 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31716 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31774 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-35385 and CVE-2026-35386 in net-misc/openssh.

Security

Fixed CVE-2026-43012 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded cos-gpu-installer to v2.6.8.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-381-125

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Security

Fixed CVE-2026-31693 in the Linux kernel.

Security

Fixed CVE-2026-31694 in the Linux kernel.

Security

Fixed CVE-2026-31700 in the Linux kernel.

Security

Fixed CVE-2026-31708 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-31781 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43016 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

cos-117-18613-613-5

Announcement

This is an LTS Refresh release.

Security

Fixed CVE-2026-43284 (dirtyfrag) in the Linux kernel.

Fixed

Upgraded net-fs/cifs-utils to v7.5.

Fixed

Upgraded sys-libs/talloc to v2.4.4.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Fixed

Upgraded net-libs/libtirpc to v1.3.7-r2.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-35385 in net-misc/openssh.

Security

Upgraded dev-libs/libgcrypt to v1.10.4 to fix CVE-2026-41989.

Change

Runtime sysctl changes:

• Added: net.ipv4.tcp_pingpong_thresh: 1

Change

cos-113-18244-582-103

Announcement

Security

Fixed CVE-2026-23411 in the Linux kernel.

Security

Fixed CVE-2026-31738 in the Linux kernel.

Security

Fixed CVE-2026-31752 in the Linux kernel.

Security

Fixed CVE-2026-43013 in the Linux kernel.

Security

Fixed CVE-2026-43024 in the Linux kernel.

Security

Fixed CVE-2026-43026 in the Linux kernel.

Security

Fixed CVE-2026-43027 in the Linux kernel.

Security

Fixed CVE-2026-43028 in the Linux kernel.

Security

Fixed CVE-2026-43030 in the Linux kernel.

Security

Fixed CVE-2026-43035 in the Linux kernel.

Security

Fixed CVE-2026-43037 in the Linux kernel.

Security

Fixed CVE-2026-43038 in the Linux kernel.

Security

Fixed CVE-2026-43040 in the Linux kernel.

Security

Fixed CVE-2026-43043 in the Linux kernel.

Security

Fixed CVE-2026-43054 in the Linux kernel.

Security

Fixed CVE-2026-43057 in the Linux kernel.

Change

cos-121-18867-381-121

Security

Fixed CVE-2026-35385 in net-misc/openssh.

Security

Upgraded cos-gpu-installer to v2.6.8.

Change

cos-beta-129-19506-120-52

Feature

Added the cos_kernel_args tool that allows manipulating kernel command line arguments of a COS image.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Security

Fixed CVE-2025-21709 in the Linux kernel.

Security

Fixed CVE-2025-22116 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23157 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-31532 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31554 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31557 in the Linux kernel.

Security

Fixed CVE-2026-31561 in the Linux kernel.

Security

Fixed CVE-2026-31580 in the Linux kernel.

Security

Fixed CVE-2026-31586 in the Linux kernel.

Security

Fixed CVE-2026-31588 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31647 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31677 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-125-19216-220-185

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23157 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23375 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23417 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31554 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31561 in the Linux kernel.

Security

Fixed CVE-2026-31590 in the Linux kernel.

Security

Fixed CVE-2026-31593 in the Linux kernel.

Security

Fixed CVE-2026-31614 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31647 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31677 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded dev-libs/openssl to v3.5.6 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-113-18244-582-100

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2025-37980 in the Linux kernel.

Security

Fixed CVE-2026-23268 in the Linux kernel.

Security

Fixed CVE-2026-23269 in the Linux kernel.

Security

Fixed CVE-2026-23403 in the Linux kernel.

Security

Fixed CVE-2026-23404 in the Linux kernel.

Security

Fixed CVE-2026-23405 in the Linux kernel.

Security

Fixed CVE-2026-23406 in the Linux kernel.

Security

Fixed CVE-2026-23407 in the Linux kernel.

Security

Fixed CVE-2026-23408 in the Linux kernel.

Security

Fixed CVE-2026-23409 in the Linux kernel.

Security

Fixed CVE-2026-23410 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Change

cos-121-18867-381-118

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22125 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31429 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31675 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded openssl to v3.0.20 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

cos-117-18613-534-110

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22125 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31429 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31555 in the Linux kernel.

Security

Fixed CVE-2026-31628 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Security

Fixed CVE-2026-31665 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-31671 in the Linux kernel.

Security

Fixed CVE-2026-31673 in the Linux kernel.

Security

Fixed CVE-2026-31680 in the Linux kernel.

Security

Fixed CVE-2026-31681 in the Linux kernel.

Security

Fixed CVE-2026-31682 in the Linux kernel.

Security

Fixed CVE-2026-31688 in the Linux kernel.

Security

Upgraded openssl to v3.0.20 to fix CVE-2026-28387, CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31790.

Change

cos-beta-129-19506-120-44

Change

Added support for the R595 Nvidia driver production branch.

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Feature

Enabled CONFIG_SCHED_CLASS_EXT and CONFIG_EXT_GROUP_SCHED.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Fixed

Fixed KCTF-42156f9 in the Linux kernel.

Fixed

Fixed an ext4/jbd2 performance regression on CPU Node.

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2026-23276 in the Linux kernel.

Security

Fixed CVE-2026-23375 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-23417 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23465 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-31406 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31413 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31434 in the Linux kernel.

Security

Fixed CVE-2026-31438 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31448 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31516 in the Linux kernel.

Security

Fixed CVE-2026-31519 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-31528 in the Linux kernel.

Security

Fixed CVE-2026-31531 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-220-180

Change

Made it so that /etc/machine-id is mounted with noexec, nosuid, and nodev.

Fixed

Fixed an ext4/jbd2 performance regression on CPU Node.

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31664 in the Linux kernel.

Change

cos-121-18867-381-113

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31546 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Change

cos-117-18613-534-106

Fixed

Optimized IOMMU reference counting using atomic64_inc_return().

Fixed

Serialized sequence allocation to prevent timeouts during concurrent TLB invalidations.

Security

Fixed CVE-2026-31431 (copy.fail) in the Linux kernel.

Change

cos-125-19216-220-174

Change

Added support for the R595 Nvidia driver production branch.

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Fixed

Fixed KCTF-42156f9 in the Linux kernel.

Fixed

Upgraded app-admin/sosreport to v4.11.1.

Fixed

Upgraded app-shells/dash to v0.5.13.3.

Fixed

Upgraded sys-apps/makedumpfile to v1.7.9.

Security

Fixed CVE-2025-22116 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23255 in the Linux kernel.

Security

Fixed CVE-2026-23276 in the Linux kernel.

Security

Fixed CVE-2026-23302 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23374 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23399 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23442 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23465 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31406 in the Linux kernel.

Security

Fixed CVE-2026-31407 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-31434 in the Linux kernel.

Security

Fixed CVE-2026-31438 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31448 in the Linux kernel.

Security

Fixed CVE-2026-31449 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31516 in the Linux kernel.

Security

Fixed CVE-2026-31519 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-31528 in the Linux kernel.

Security

Fixed CVE-2026-31531 in the Linux kernel.

Security

Fixed CVE-2026-31557 in the Linux kernel.

Security

Fixed CVE-2026-31648 in the Linux kernel.

Security

Fixed CVE-2026-31667 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

cos-121-18867-381-106

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Change

cos-117-18613-534-104

Fixed

Added support for NVIDIA drivers v580.126.16 and v580.126.20.

Security

Fixed CVE-2025-70873 in dev-db/sqlite.

Security

Fixed CVE-2026-31430 in the Linux kernel.

Security

Fixed CVE-2026-31446 in the Linux kernel.

Security

Fixed CVE-2026-31447 in the Linux kernel.

Security

Fixed CVE-2026-31450 in the Linux kernel.

Security

Fixed CVE-2026-31451 in the Linux kernel.

Security

Fixed CVE-2026-31452 in the Linux kernel.

Security

Fixed CVE-2026-31453 in the Linux kernel.

Security

Fixed CVE-2026-31454 in the Linux kernel.

Security

Fixed CVE-2026-31455 in the Linux kernel.

Security

Fixed CVE-2026-31466 in the Linux kernel.

Security

Fixed CVE-2026-31469 in the Linux kernel.

Security

Fixed CVE-2026-31495 in the Linux kernel.

Security

Fixed CVE-2026-31496 in the Linux kernel.

Security

Fixed CVE-2026-31515 in the Linux kernel.

Security

Fixed CVE-2026-31521 in the Linux kernel.

Security

Fixed CVE-2026-31523 in the Linux kernel.

Security

Fixed CVE-2026-31525 in the Linux kernel.

Security

Fixed CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-27140, CVE-2026-27144 in dev-lang/go.

Security

Fixed CVE-2026-34743 in app-arch/xz-utils.

Change

cos-121-18867-381-95

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgraded containerd to v2.0.8. This fixes CVE-2026-35469.

Change

cos-117-18613-534-95

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31426 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4046 in sys-libs/glibc.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-42156f9 in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Updated spdystream to v0.5.1 for containerd. This fixed CVE-2026-35469.

Change

cos-113-18244-582-86

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-31414 in the Linux kernel.

Security

Fixed CVE-2026-31415 in the Linux kernel.

Security

Fixed CVE-2026-31416 in the Linux kernel.

Security

Fixed CVE-2026-31418 in the Linux kernel.

Security

Fixed CVE-2026-31421 in the Linux kernel.

Security

Fixed CVE-2026-31423 in the Linux kernel.

Security

Fixed CVE-2026-31424 in the Linux kernel.

Security

Fixed CVE-2026-31427 in the Linux kernel.

Security

Fixed CVE-2026-31428 in the Linux kernel.

Security

Updated spdystream to v0.5.1 for containerd. This fixed CVE-2026-35469.

Change

cos-125-19216-220-150

Fixed

Resolved an issue that could cause soft lockups in stressed environments when iommu.strict=1

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-libs/libseccomp to v2.6.0-r3.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-7e3955b in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgraded containerd to v2.1.7. This fixes CVE-2026-35469.

Change

cos-beta-129-19506-120-15

Fixed

Upgraded app-admin/fluent-bit to v4.2.4.

Fixed

Upgraded sys-apps/pv to v1.10.4.

Fixed

Upgraded sys-process/lsof to v4.99.6.

Security

Fixed CVE-2026-0994 in dev-libs/protobuf.

Security

Fixed CVE-2026-35414 in net-misc/openssh.

Security

Fixed CVE-2026-4437,CVE-2026-4438 in sys-libs/glibc.

Security

Fixed KCTF-7e3955b in the Linux kernel.

Security

Fixed KCTF-a9b8b18 in the Linux kernel.

Security

Upgrdaed containerd to v2.2.3. This fixes CVE-2026-35469.

Change

cos-beta-129-19506-0-140

Change

cos-dev-133-19700-0-0

Announcement

This is an LTS Refresh release.

Change

Added support for 8th generation TPU devices.

Change

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Feature

Changed default sysctl networking values on A4x-max machine type only.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Feature

Reverted iproute2 to v5.16.0.

Feature

Changed default sysctl networking values on A4x-max machine type only.

Fixed

Upgraded app-arch/unzip to v6.0_p29-r2.

Feature

Reverted iproute2 to v5.16.0.

Fixed

Upgraded app-containers/cni-plugins to v1.9.1.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtual queues are conditionally skipped.

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-apps/pv to v1.10.4.

Fixed

Upgraded sys-libs/zlib to v1.3.2-r1.

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded sys-process/procps to v4.0.6.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-121-18867-381-81

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-117-18613-534-80

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23244 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23401 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23441 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-23471 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-113-18244-582-80

Fixed

Upgraded app-shells/dash to v0.5.13.2.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Security

Fixed CVE-2026-23439 in the Linux kernel.

Security

Fixed CVE-2026-23449 in the Linux kernel.

Security

Fixed CVE-2026-23452 in the Linux kernel.

Security

Fixed CVE-2026-23455 in the Linux kernel.

Security

Fixed CVE-2026-23456 in the Linux kernel.

Security

Fixed CVE-2026-23457 in the Linux kernel.

Security

Fixed CVE-2026-23458 in the Linux kernel.

Security

Fixed CVE-2026-31392 in the Linux kernel.

Security

Fixed CVE-2026-31400 in the Linux kernel.

Security

Fixed CVE-2026-31402 in the Linux kernel.

Security

Fixed CVE-2026-31403 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Change

cos-125-19216-220-130

Feature

Changed default sysctl networking values on A4x-max machine type only.

Feature

Reverted iproute2 to v5.16.0.

Fixed

Upgraded net-misc/rsync to v3.4.1-r3.

Fixed

Upgraded sys-apps/hwdata to v0.401.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-23343 in the Linux kernel.

Change

cos-117-18613-534-62

Security

Fixed CVE-2024-43826 in the Linux kernel.

Security

Fixed CVE-2025-38704 in the Linux kernel.

Security

Fixed CVE-2025-39748 in the Linux kernel.

Security

Fixed CVE-2025-39764 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed CVE-2026-23412 in the Linux kernel.

Security

Fixed CVE-2026-23413 in the Linux kernel.

Security

Fixed CVE-2026-23414 in the Linux kernel.

Change

cos-113-18244-582-62

Security

Fixed CVE-2025-38192 in the Linux kernel.

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-68265 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

cos-121-18867-381-63

Security

Fixed CVE-2025-40135 in the Linux kernel.

Security

Fixed CVE-2025-68206 in the Linux kernel.

Security

Fixed CVE-2025-68239 in the Linux kernel.

Security

Fixed CVE-2025-71161 in the Linux kernel.

Security

Fixed CVE-2026-23004 in the Linux kernel.

Security

Fixed CVE-2026-23050 in the Linux kernel.

Security

Fixed CVE-2026-23138 in the Linux kernel.

Security

Fixed CVE-2026-23245 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23271 in the Linux kernel.

Security

Fixed CVE-2026-23277 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23397 in the Linux kernel.

Security

Fixed CVE-2026-23398 in the Linux kernel.

Change

cos-beta-129-19506-0-121

Change

cos-dev-133-19681-0-0

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Change

Fixes a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-117

Change

Made it so that /dev/hugepages is mounted as noexec for cchost boards.

Change

Made it so that /mnt/disks is mounted as noexec for cchost boards.

Change

Made it so that /run is mounted as noexec for cchost boards.

Change

Upgraded sys-apps/iproute2 to version 6.18.0.

Fixed

Fixed a kernel panic in virtio_pci teardown when virtually queues are conditionally skipped.

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23270 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-33997 and CVE-2026-34040 in Docker.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-115

Change

cos-dev-133-19672-0-0

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-125-19216-220-106

Security

Fixed CVE-2024-14027 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed KCTF-7cb9a23 in the Linux kernel.

Change

cos-beta-129-19506-0-109

Change

cos-dev-133-19666-0-0

Change

Fixed CVE-2026-27135 in net-libs/nghttp2.

Change

Updated the Linux kernel to v6.12.77.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-125-19216-220-99

Feature

Enabled dynamic configuration of FUSE max pages limit.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23297 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23316 in the Linux kernel.

Security

Fixed CVE-2026-23319 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23360 in the Linux kernel.

Security

Fixed CVE-2026-23380 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23383 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23390 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Change

Runtime sysctl changes:

• Added: fs.fuse.max_pages_limit: 256

Change

cos-121-18867-381-56

Feature

Added support for loading the ublk kernel module.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-9df9578 in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-117-18613-534-53

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23310 in the Linux kernel.

Security

Fixed CVE-2026-23351 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23381 in the Linux kernel.

Security

Fixed CVE-2026-23386 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Security

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63487 -> 63199
• Changed: user.max_cgroup_namespaces: 31743 -> 31599
• Changed: user.max_ipc_namespaces: 31743 -> 31599
• Changed: user.max_mnt_namespaces: 31743 -> 31599
• Changed: user.max_net_namespaces: 31743 -> 31599
• Changed: user.max_pid_namespaces: 31743 -> 31599
• Changed: user.max_time_namespaces: 31743 -> 31599
• Changed: user.max_user_namespaces: 31743 -> 31599
• Changed: user.max_uts_namespaces: 31743 -> 31599

Change

cos-113-18244-582-55

Fixed

Updated cos-gpu-installer to v2.6.1.

Security

Fixed CVE-2026-23292 in the Linux kernel.

Security

Fixed CVE-2026-23293 in the Linux kernel.

Security

Fixed CVE-2026-23296 in the Linux kernel.

Security

Fixed CVE-2026-23300 in the Linux kernel.

Security

Fixed CVE-2026-23303 in the Linux kernel.

Security

Fixed CVE-2026-23304 in the Linux kernel.

Security

Fixed CVE-2026-23340 in the Linux kernel.

Security

Fixed CVE-2026-23352 in the Linux kernel.

Security

Fixed CVE-2026-23359 in the Linux kernel.

Security

Fixed CVE-2026-23368 in the Linux kernel.

Security

Fixed CVE-2026-23388 in the Linux kernel.

Security

Fixed CVE-2026-23391 in the Linux kernel.

Security

Fixed CVE-2026-23392 in the Linux kernel.

Security

Fixed CVE-2026-27135 in net-libs/nghttp2.

Security

Fixed CVE-2026-27448 in dev-python/pyopenssl.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: kernel.threads-max: 63503 -> 63215
• Changed: user.max_cgroup_namespaces: 31751 -> 31607
• Changed: user.max_ipc_namespaces: 31751 -> 31607
• Changed: user.max_mnt_namespaces: 31751 -> 31607
• Changed: user.max_net_namespaces: 31751 -> 31607
• Changed: user.max_pid_namespaces: 31751 -> 31607
• Changed: user.max_time_namespaces: 31751 -> 31607
• Changed: user.max_user_namespaces: 31751 -> 31607
• Changed: user.max_uts_namespaces: 31751 -> 31607

Change

cos-beta-129-19506-0-98

Change

Added support for the Lustre 2.14.0_p249 drivers.

Change

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Feature

Added support for loading the ublk kernel module.

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23083 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-48

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-27459 in dev-python/pyopenssl.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Change

cos-125-19216-220-87

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for loading the ublk kernel module.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to 2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-dev-133-19654-0-0

Fixed

Fixed an ek-cpu-balloon bug which would result in CPUs being underreported on ek machines with SMT enabled.

Fixed

Upgraded dev-db/sqlite to v3.51.3.

Fixed

Upgraded dev-libs/expat to v2.7.5.

Fixed

Upgraded virtual/logger to v0-r3.

Security

Fixed CVE-2026-32597 with pyjwt package upgrade to v2.12.1.

Security

Fixed KCTF-329f0b9 in the Linux kernel.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-125-19216-220-72

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Added CPU balloon support for Arm CPUs.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-71265 in the Linux kernel.

Security

Fixed CVE-2025-71266 in the Linux kernel.

Security

Fixed CVE-2025-71267 in the Linux kernel.

Security

Fixed CVE-2025-71268 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed CVE-2026-23262 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-121-18867-381-45

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2025-69648 in binutils-libs.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-dev-133-19633-0-0

Change

Added support for the Lustre 2.14.0_p249 drivers.

Feature

Added support for 8th generation TPU devices.

Fixed

Upgraded app-admin/google-osconfig-agent to v20260119.00.

Fixed

Upgraded chromeos-base/google-breakpad to v2026.03.03.162944-r270.

Fixed

Upgraded dev-libs/expat to v2.7.4.

Fixed

Upgraded net-firewall/iptables to v1.8.13.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed KCTF-c9bc175 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-117-18613-534-44

Change

Added support for the Lustre 2.14.0_p249 drivers.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2026-23231 in the Linux kernel.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Fixed CVE-2026-23254 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-113-18244-582-47

Fixed

Upgraded sys-apps/file to v5.47-r1.

Security

Fixed CVE-2024-26822 in the Linux kernel.

Security

Fixed CVE-2025-69647 in binutils-libs.

Security

Fixed CVE-2026-23243 in the Linux kernel.

Security

Updated net-misc/curl to v8.19.0. This resolves CVE-2026-1965 and CVE-2026-3783.

Security

Updated sys-libs/binutils-libs to 2.46.0. This resolves CVE-2025-69644.

Change

cos-beta-129-19506-0-66

Change

cos-dev-133-19619-0-0

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Breaking

/dev/hugepages is now mounted with the noexec option.

Breaking

/dev/hugepages is now mounted with the noexec option.

Change

Updated cos-gpu-installer to v2.6.0.

Breaking

/run is now mounted with the noexec option.

Change

Updated the Linux kernel to v6.12.76.

Change

Updated cos-gpu-installer to v2.6.0.

Change

Upgraded CASFS to v0.1.2.

Change

Upgraded CASFS to v0.1.2.

Feature

Switched to using systemd-resolved stub resolver by default, which fixes DNS caching issues.

Change

Upgraded app-containers/containerd to v2.2.2.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Change

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Feature

Added support for larger ring sizes for the GVNIC driver in DQO-QPL mode.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Fixed

Upgraded dev-util/gn to v2331.

Fixed

Fixed performance and efficiency issues in TCPX through optimized netmem handling and scatter-gather list coalescing for large memory mappings.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/acl to v2.3.2-r3.

Fixed

Upgraded sys-apps/file to v5.47.

Fixed

Updated cos-gpu-installer to v2.6.1.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Fixed

Upgraded dev-utils/gdbus-codegen to v2.86.3.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Fixed

Upgraded app-admin/fluent-bit to v4.2.3.1.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Fixed CVE-2026-23240 in the Linux kernel.

Security

Fixed a packet header clobbering issue in the IDPF driver occurring when SWIOTLB and header split are enabled.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-121-18867-381-35

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Change

cos-117-18613-534-36

Security

Fixed CVE-2025-38162 in the Linux kernel.

Security

Fixed CVE-2025-38162 in the Linux kernel.

Change

cos-113-18244-582-42

Security

Fixed CVE-2026-23054 in the Linux kernel.

Security

Fixed KCTF-71e99ee in the Linux kernel.

Change

cos-125-19216-220-57

Change

Fixed the "CrackArmor" vulnerability in the Linux kernel.

Fixed

Downgraded ek-cpu-balloon driver to version 1.1.0 to address efficiency daemon issues.

Change

cos-113-18244-582-40

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2023-53421 in the Linux kernel.

Security

Fixed CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 in dev-libs/glib.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-37920 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38591 in the Linux kernel.

Security

Fixed CVE-2025-40251 in the Linux kernel.

Security

Fixed CVE-2025-71089 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Change

cos-117-18613-534-35

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-22026 in the Linux kernel.

Security

Fixed CVE-2025-38201 in the Linux kernel.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3 and gdbus-codegen to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-30

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/file to v5.47.

Security

Fixed CVE-2025-38234 in the Linux kernel.

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

cos-125-19216-220-43

Change

Updated cos-gpu-installer to v2.6.0.

Fixed

Upgraded app-admin/node-problem-detector to v0.8.25.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Change

cos-125-19216-220-39

Fixed

Fixed a kernel bug which could cause traffic drops after NIC resets.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-125-19216-220-38

Security

Fixed CVE-2026-23100 in the Linux kernel.

Change

Runtime sysctl changes:

• Changed: net.ipv4.udp_mem: 188034 250715 376068 -> 188034 250714 376068

Change

cos-113-18244-582-29

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded net-dns/c-ares to v1.31.0.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed CVE-2026-23086 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Security

Fixed CVE-2026-23145 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-125-19216-220-34

Change

Added support for the Lustre 2.14.0_p246 drivers.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Fixed

Upgraded the galog version to v0.0.0-20250924170816-9dbf105986f4 in google-guest-agent to fix an issue with high CPU consumption.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-121-18867-381-24

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Fixed

Upgraded dev-util/gdbus-codegen to v2.86.3.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23229 in the Linux kernel.

Security

Fixed CVE-2026-23230 in the Linux kernel.

Security

Upgraded dev-libs/glib to v2.86.3. This fixes CVE-2025-14087, CVE-2025-14512 and CVE-2025-13601.

Change

cos-117-18613-534-24

Change

Added support for the Lustre 2.14.0_p246 drivers.

Change

Fixed an issue where most platforms would use only half of the available GVNIC TX queues.

Security

Fixed CVE-2025-58187 in dev-lang/go.

Security

Fixed CVE-2025-61732 in dev-lang/go.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-121-18867-381-14

Change

Added support for the Lustre 2.14.0_p246 drivers.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-beta-129-19506-0-32

Change

cos-dev-133-19566-0-0

Change

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Change

Made it so that /run is mounted as noexec.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Change

Updated the Linux kernel to v6.12.74.

Security

Fixed CVE-2025-68358 in the Linux kernel.

Change

Upgraded containerd to v2.2.1.

Security

Fixed CVE-2025-68365 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Security

Fixed CVE-2025-68725 in the Linux kernel.

Feature

Added support for NVIDIA driver v535.288.01, v570.211.01 and v580.126.09.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Security

Fixed CVE-2026-23113 in the Linux kernel.

Fixed

Enabled buffer overflow detection for kernel str/mem functions.

Security

Fixed CVE-2026-23119 in the Linux kernel.

Fixed

Upgraded app-admin/google-guest-agent to v20260121.00.

Security

Fixed CVE-2026-23124 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260128.00.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Fixed

Upgraded app-admin/oslogin to v20260129.00.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Fixed

Upgraded dev-db/sqlite to v3.51.2.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Fixed

Upgraded net-libs/libnetfilter_conntrack to v1.1.1.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Fixed

Upgraded sys-apps/gentoo-functions to v1.7.6.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23177 in the Linux kernel.

Fixed

Upgraded sys-process/procps to v4.0.6.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2025-40147 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-0915 in sys-apps/glibc.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Updated dev-libs/libxml2 to version 2.14.6. This resolves CVE-2025-6021.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Updated dev-libs/openssl to v3.5.5. This resolves CVE-2025-15467.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Change

cos-125-19216-220-24

Change

Fixed CVE-2026-23177 in the Linux kernel.

Feature

Added support for 590.44.01 and 590.48.01 NVIDIA driver for NVIDIA_RTX_PRO_6000

Fixed

Added support for NVIDIA driver v580.126.09-grid for NVIDIA_RTX_PRO_6000 GPU type.

Fixed

Upgraded app-admin/sosreport to v4.11.0.

Fixed

Upgraded net-misc/rsync to v3.4.1-r2.

Fixed

Upgraded net-misc/socat to v1.8.1.1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-47912, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61726, and CVE-2025-61728 in dev-lang/go.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2025-71225 in the Linux kernel.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23148 in the Linux kernel.

Security

Fixed CVE-2026-23154 in the Linux kernel.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23161 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Fixed CVE-2026-23173 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23199 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23212 in the Linux kernel.

Security

Fixed CVE-2026-23214 in the Linux kernel.

Security

Fixed CVE-2026-23215 in the Linux kernel.

Security

Fixed CVE-2026-23216 in the Linux kernel.

Security

Fixed CVE-2026-23219 in the Linux kernel.

Security

Fixed KCTF-e3f000f in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-113-18244-582-11

Security

Fixed CVE-2023-54285 in the Linux kernel.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-38232 in the Linux kernel.

Security

Fixed CVE-2025-68725 in the Linux kernel.

Security

Fixed CVE-2026-22998 in the Linux kernel.

Security

Fixed CVE-2026-22999 in the Linux kernel.

Security

Fixed CVE-2026-23001 in the Linux kernel.

Security

Fixed CVE-2026-23003 in the Linux kernel.

Security

Fixed CVE-2026-23005 in the Linux kernel.

Security

Fixed CVE-2026-23010 in the Linux kernel.

Security

Fixed CVE-2026-23011 in the Linux kernel.

Security

Fixed CVE-2026-23025 in the Linux kernel.

Security

Fixed CVE-2026-23038 in the Linux kernel.

Security

Fixed CVE-2026-23069 in the Linux kernel.

Security

Fixed CVE-2026-23085 in the Linux kernel.

Security

Fixed CVE-2026-23095 in the Linux kernel.

Security

Fixed CVE-2026-23097 in the Linux kernel.

Security

Fixed CVE-2026-23099 in the Linux kernel.

Security

Fixed CVE-2026-23102 in the Linux kernel.

Security

Fixed CVE-2026-23103 in the Linux kernel.

Security

Fixed CVE-2026-23105 in the Linux kernel.

Security

Fixed CVE-2026-23107 in the Linux kernel.

Security

Fixed CVE-2026-23110 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Fixed KCTF-f8db647 in the Linux kernel.

Change

cos-117-18613-534-15

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2025-15281 and CVE-2026-0861 in sys-libs/glibc.

Security

Fixed CVE-2025-6075 in python.

Security

Fixed CVE-2025-60753 in libarchive.

Security

Fixed CVE-2026-23112 in the Linux kernel.

Security

Fixed CVE-2026-23176 in the Linux kernel.

Security

Fixed CVE-2026-23179 in the Linux kernel.

Security

Fixed CVE-2026-23193 in the Linux kernel.

Security

Fixed CVE-2026-23198 in the Linux kernel.

Security

Fixed CVE-2026-23200 in the Linux kernel.

Security

Fixed CVE-2026-23204 in the Linux kernel.

Security

Fixed CVE-2026-23205 in the Linux kernel.

Security

Fixed CVE-2026-23209 in the Linux kernel.

Security

Fixed KCTF-f41c5d1 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.

Change

cos-121-18867-381-1

Fixed

Upgraded net-misc/socat to v1.8.1.0-r1.

Fixed

Upgraded sys-apps/less to v692.

Security

Fixed CVE-2026-23156 in the Linux kernel.

Security

Fixed CVE-2026-23159 in the Linux kernel.

Security

Fixed CVE-2026-23168 in the Linux kernel.

Security

Upgraded net-misc/curl to version 8.18.0. This fixes CVE-2025-10148, CVE-2025-10966, CVE-2025-13034, CVE-2025-14017, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224.