Amazon Linux 2.0.20220207.0 release notes

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • None.

Kernel updates

Rebase kernel to upstream stable 5.10.96.

CVEs fixed:

  • CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]

  • CVE-2022-0492 [kernel: cgroups v1 release_agent feature may allow privilege escalation]

Amazon Features and Backports:

  • lustre: update to AmazonFSxLustreClient v2.10.8-10

  • drivers/base/memory: introduce memory_block_{online,offline}

  • mm,memory_hotplug: relax fully spanned sections check

  • mm,memory_hotplug: factor out adjusting present pages into adjust_present_page_count()

  • mm,memory_hotplug: allocate memmap from the added memory range

  • acpi,memhotplug: enable MHP_MEMMAP_ON_MEMORY when supported

  • mm,memory_hotplug: add kernel boot option to enable memmap_on_memory

  • x86/Kconfig: introduce ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE

  • arm64/Kconfig: introduce ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE

  • drivers/base/memory: fix trying offlining memory blocks with memory holes on aarch64

  • drivers/base/memory: use MHP_MEMMAP_ON_MEMORY from the probe interface

  • mm: add offline page reporting interface

  • virtio: add hack to allow pre-mapped scatterlists

  • virtio-balloon: optionally report offlined memory ranges

  • audit: improve audit queue handling when "audit=1" on cmdline

  • cgroup-v1: Require capabilities to set release_agent

Rebase kernel to upstream stable 4.14.262.

CVEs fixed:

  • CVE-2021-4083 [fget: check that the fd still exists after getting a ref to it]

  • CVE-2021-39685 [USB: gadget: detect too-big endpoint 0 requests]

  • CVE-2021-28711 [xen/blkfront: harden blkfront against event channel storms]

  • CVE-2021-28712 [xen/netfront: harden netfront against event channel storms]

  • CVE-2021-28713 [xen/console: harden hvc_xen against event channel storms]

  • CVE-2021-28714 [xen/netback: fix rx queue stall detection]

  • CVE-2021-28715 [xen/netback: don't queue unlimited number of packages]

  • CVE-2021-44733 [tee: handle lookup of shm with reference count 0]

  • CVE-2021-4155 [xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate]

  • CVE-2022-0492 [kernel: cgroups v1 release_agent feature may allow privilege escalation]

Amazon Features and Backports:

  • ena: Update to 2.6.0

  • fuse: fix bad inode

  • fuse: fix live lock in fuse_iget()

  • lustre: update to AmazonFSxLustreClient v2.10.8-10

  • cgroup-v1: Require capabilities to set release_agent

  • audit: improve audit queue handling when "audit=1" on cmdline

  • ENA: Update to v2.6.1

Other Fixes:

  • tracing: Fix pid filtering when triggers are attached

  • NFSv42: Don't fail clone() unless the OP_CLONE operation failed

  • ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE

  • ipv6: fix typos in ip6_finish_output()

  • tracing: Check pid filtering when creating events

  • PCI: aardvark: Train link immediately after enabling training

  • PCI: aardvark: Update comment about disabling link training

Kernel

kernel-4.14.262-200.489.amzn2.aarch64

kernel-4.14.262-200.489.amzn2.x86_64

kernel-5.10.96-90.460.amzn2.aarch64

kernel-5.10.96-90.460.amzn2.x86_64

kernel-devel-4.14.262-200.489.amzn2.x86_64

kernel-headers-4.14.262-200.489.amzn2.x86_64

kernel-tools-4.14.262-200.489.amzn2.aarch64

kernel-tools-4.14.262-200.489.amzn2.x86_64

kernel-tools-5.10.96-90.460.amzn2.aarch64

kernel-tools-5.10.96-90.460.amzn2.x86_64