

# Amazon Linux 2 version 2.0.20210427.0 release notes
<a name="relnotes-20210427"></a>

These are the release notes for Amazon Linux 2 version 2.0.20210427.0.

## Major updates
<a name="major-updates-20210427"></a>
+ Fixed an ec2-net-utils bug that occurred when multiple secondary IPs are attached to one ENI.

## Package updates
<a name="package-updates-20210427"></a>

Amazon Linux 2 includes the following packages.
+ ec2-net-utils-1.5-3.amzn2.noarch 
+ kernel-4.14.231-173.361.amzn2.x86\_64 
+ kernel-devel-4.14.231-173.36.amzn2.x86\_64 
+ kernel-headers-4.14.231-173.361.amzn2.x86\_64 
+ kernel-tools-4.14.231-173.361.amzn2.x86\_64 
+ pystache-0.5.3-2.amzn2.noarch 
+ python-daemon-1.6-4.amzn2.noarch 
+ python-lockfile-0.9.1-4.amzn2.noarch

## Kernel updates
<a name="kernel-updates-20210427"></a>

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure] 
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\_wx\_set\_scan()] 
+ CVE-2021-29265 [usbip: fix stub\_dev usbip\_sockfd\_store() races leading to gpf] 
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root] 
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status] 
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\_name corruption in store functions] 
+ CVE-2021-28688 [xen-blkback: don't leak persistent grants from xen\_blkbk\_map()] 
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\_recvmsg()] 
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\_ioctl()] 
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64] 
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\_sock\_bind()] 
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\_sock\_connect()] 
+ CVE-2020-25672 [nfc: fix memory leak in llcp\_sock\_connect()]

Amazon Features and Backports:
+ nitro enclaves: Fixes dangling file descriptor [ALAS2-2021-1634] 
+ net: Fixes gro aggregation for udp encaps with zero csum 
+ net: Avoids infinite loop in mpls\_gso\_segment when mpls\_hlen == 0 
+ configfs: Fixed a use-after-free in configfs\_open\_file 
+ include/linux/sched/mm.h: Use rcu\_dereference in in\_vfork() 
+ KVM: arm64: Fixes exclusive limit for IPA size 
+ ext4: Handles error of ext4\_setup\_system\_zone() on remount 
+ ext4: Checks journal inode extents more carefully 
+ ext4: Finds old entry again if failed to rename whiteout 
+ ext4: Doesn't try to set xattr into ea\_inode if value is empty 
+ ext4: Fixes potential error in ext4\_do\_update\_inode 
+ locking/mutex: Fixed non debug version of mutex\_lock\_io\_nested() 
+ ext4: Fixes bh ref count on error paths 
+ ext4: Doesn't iput inode under running transaction in ext4\_rename() 
+ mm: Fixes race by making init\_zero\_pfn() early\_initcall 
+ KVM: arm64: Disables guest access to trace filter controls