Amazon Linux 2.0.20220207.0 release notes - Amazon Linux 2

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • None.

Kernel updates

Rebase kernel to upstream stable 5.10.96.

CVEs fixed:

  • CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]

  • CVE-2022-0492 [kernel: cgroups v1 release_agent feature may allow privilege escalation]

Amazon Features and Backports:

  • lustre: update to AmazonFSxLustreClient v2.10.8-10

  • drivers/base/memory: introduce memory_block_{online,offline}

  • mm,memory_hotplug: relax fully spanned sections check

  • mm,memory_hotplug: factor out adjusting present pages into adjust_present_page_count()

  • mm,memory_hotplug: allocate memmap from the added memory range

  • acpi,memhotplug: enable MHP_MEMMAP_ON_MEMORY when supported

  • mm,memory_hotplug: add kernel boot option to enable memmap_on_memory

  • x86/Kconfig: introduce ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE

  • arm64/Kconfig: introduce ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE

  • drivers/base/memory: fix trying offlining memory blocks with memory holes on aarch64

  • drivers/base/memory: use MHP_MEMMAP_ON_MEMORY from the probe interface

  • mm: add offline page reporting interface

  • virtio: add hack to allow pre-mapped scatterlists

  • virtio-balloon: optionally report offlined memory ranges

  • audit: improve audit queue handling when "audit=1" on cmdline

  • cgroup-v1: Require capabilities to set release_agent

Rebase kernel to upstream stable 4.14.262.

CVEs fixed:

  • CVE-2021-4083 [fget: check that the fd still exists after getting a ref to it]

  • CVE-2021-39685 [USB: gadget: detect too-big endpoint 0 requests]

  • CVE-2021-28711 [xen/blkfront: harden blkfront against event channel storms]

  • CVE-2021-28712 [xen/netfront: harden netfront against event channel storms]

  • CVE-2021-28713 [xen/console: harden hvc_xen against event channel storms]

  • CVE-2021-28714 [xen/netback: fix rx queue stall detection]

  • CVE-2021-28715 [xen/netback: don't queue unlimited number of packages]

  • CVE-2021-44733 [tee: handle lookup of shm with reference count 0]

  • CVE-2021-4155 [xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate]

  • CVE-2022-0492 [kernel: cgroups v1 release_agent feature may allow privilege escalation]

Amazon Features and Backports:

  • ena: Update to 2.6.0

  • fuse: fix bad inode

  • fuse: fix live lock in fuse_iget()

  • lustre: update to AmazonFSxLustreClient v2.10.8-10

  • cgroup-v1: Require capabilities to set release_agent

  • audit: improve audit queue handling when "audit=1" on cmdline

  • ENA: Update to v2.6.1

Other Fixes:

  • tracing: Fix pid filtering when triggers are attached

  • NFSv42: Don't fail clone() unless the OP_CLONE operation failed

  • ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE

  • ipv6: fix typos in ip6_finish_output()

  • tracing: Check pid filtering when creating events

  • PCI: aardvark: Train link immediately after enabling training

  • PCI: aardvark: Update comment about disabling link training

Kernel

kernel-4.14.262-200.489.amzn2.aarch64

kernel-4.14.262-200.489.amzn2.x86_64

kernel-5.10.96-90.460.amzn2.aarch64

kernel-5.10.96-90.460.amzn2.x86_64

kernel-devel-4.14.262-200.489.amzn2.x86_64

kernel-headers-4.14.262-200.489.amzn2.x86_64

kernel-tools-4.14.262-200.489.amzn2.aarch64

kernel-tools-4.14.262-200.489.amzn2.x86_64

kernel-tools-5.10.96-90.460.amzn2.aarch64

kernel-tools-5.10.96-90.460.amzn2.x86_64