gcp Google Cloud release notes · 4d ago

Container Optimized OS updates kernel, drivers, and security fixes

securitygcpsecurity-advisoryengineer

security patch

Container Optimized OS has released several updates across multiple versions, including kernel upgrades, GPU driver support, and various package updates. These changes address numerous security vulnerabilities, such as CVEs in the Linux kernel and in packages like pyjwt and urllib3. Users of Container Optimized OS should review these updates to ensure their systems are patched against known security risks.

→cos-129-19506-224-36
→cos-dev-133-19862-0-0
→cos-117-18613-613-56
→cos-125-19216-395-101
→cos-121-18867-381-177

Security (68) ›

Container Optimized OS

Fixed CVE-2025-71289 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43245 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43503 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45838 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45839 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45841 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45842 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45843 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-45844 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46243 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46244 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46274 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46300 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46316 in the Linux kernel.
Container Optimized OS

Fixed KCTF-def602e in the Linux kernel.
Container Optimized OS

Fixed KCTF-e5b31d9 in the Linux kernel.
Container Optimized OS

Updated dev-python/pyjwt to v2.13.0. This fixes CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.
Container Optimized OS

Fixed CVE-2026-44431 in dev-python/urllib3.
Container Optimized OS

Fixed CVE-2026-6732 in dev-libs/libxml2.
Container Optimized OS

Updated dev-lang/go to 1.25.10. This fixes CVE-2026-33814,CVE-2026-39819,CVE-2026-39823,CVE-2026-39825,CVE-2026-42499,CVE-2026-39817,CVE-2026-39820,CVE-2026-39826,CVE-2026-39836.
Container Optimized OS

Updated dev-python/pyjwt to v2.13.0. This fixes CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.
Container Optimized OS

Updated net-misc/curl to v8.20. This fixes CVE-2026-5545,CVE-2026-4873,CVE-2026-6429,CVE-2026-7168,CVE-2026-6253,CVE-2026-6276,CVE-2026-7009,CVE-2026-5773.
Container Optimized OS

Fixed CVE-2024-56647 in the Linux kernel.
Container Optimized OS

Fixed CVE-2025-38584 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-23272 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-23394 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-31527 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43492 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43496 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43503 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46243 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46244 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46274 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46289 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46294 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46303 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46304 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46306 in the Linux kernel.
Container Optimized OS

Updated dev-python/pyjwt to v2.13.0. This fixes CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.
Container Optimized OS

Fixed CVE-2025-71289 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-23394 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43245 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46160 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46244 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46274 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46283 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46289 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46294 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46303 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46304 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46306 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46316 in the Linux kernel.
Container Optimized OS

Fixed KCTF-def602e in the Linux kernel.
Container Optimized OS

Updated dev-python/pyjwt to v2.13.0. This fixes CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.
Container Optimized OS

Fixed CVE-2026-23394 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-31527 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43492 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-43496 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46243 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46244 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46274 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46289 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46294 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46303 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46304 in the Linux kernel.
Container Optimized OS

Fixed CVE-2026-46306 in the Linux kernel.
Container Optimized OS

Fixed KCTF-def602e in the Linux kernel.
Container Optimized OS

Updated dev-python/pyjwt to v2.13.0. This fixes CVE-2026-48522, CVE-2026-48524, CVE-2026-48525, CVE-2026-485256.

Enhancements (14) ›

Container Optimized OS cos-129-19506-224-36

Kernel Docker Containerd GPU Drivers COS-6.12.90 v27.5.1 v2.2.3 See List

GPU Drivers COS-6.12.90 See List
Container Optimized OS cos-dev-133-19862-0-0

Kernel Docker Containerd GPU Drivers COS-6.18.35 v29.4.3 v2.2.3 See List

GPU Drivers COS-6.18.35 See List
Container Optimized OS

Allow overriding IMA policy from oem partition.
Container Optimized OS

On cchost boards, autoload IMA policy on boot.
Container Optimized OS

Set static UUID for the stateful partition.
Container Optimized OS

Update sys-process/audit to v3.0.9.
Container Optimized OS

Updated glib to v2.86.5.
Container Optimized OS

Updated sys-libs/pam to v1.5.3.
Container Optimized OS

Updated the Linux kernel to v6.18.35.
Container Optimized OS

Upgraded net-misc/openssh to v10.0_p2.
Container Optimized OS

Upgraded sys-apps/ek-cpu-balloon to v1.2.3.
Container Optimized OS cos-117-18613-613-56

Kernel Docker Containerd GPU Drivers COS-6.6.137 v24.0.9 v1.7.31 See List

GPU Drivers COS-6.6.137 See List
Container Optimized OS cos-125-19216-395-101

Kernel Docker Containerd GPU Drivers COS-6.12.85 v27.5.1 v2.1.7 See List

GPU Drivers COS-6.12.85 See List
Container Optimized OS cos-121-18867-381-177

Kernel Docker Containerd GPU Drivers COS-6.6.137 v27.5.1 v2.0.8 See List

GPU Drivers COS-6.6.137 See List

Fixes (22) ›

Container Optimized OS

Upgraded app-admin/fluent-bit to v4.2.5.
Container Optimized OS

Upgraded cos-gpu-installer to v2.7.3.
Container Optimized OS

Upgraded sys-apps/less to v702.
Container Optimized OS

Added support for NVIDIA driver v580.159.04.
Container Optimized OS

Fixed a crash that occurs when using the configfile or source GRUB2 commands when Secure Boot is enabled.
Container Optimized OS

Upgraded app-containers/docker to v29.4.3, Upgraded app-containers/docker-test to v29.4.3, Upgraded app-containers/docker-cli to v29.4.3.
Container Optimized OS

Upgraded app-containers/docker-credential-helpers to v0.9.7.
Container Optimized OS

Upgraded cos-gpu-installer to v2.7.2.
Container Optimized OS

Upgraded sys-apps/gentoo-functions to v1.7.7.
Container Optimized OS

Upgraded sys-apps/less to v702.
Container Optimized OS

Upgraded sys-libs/libcap-ng to v0.9.3.
Container Optimized OS

Fixed a race condition triggered by ext4 online resize that rarely causes machines to fail to boot.
Container Optimized OS

Upgraded cos-gpu-installer to v2.7.4.
Container Optimized OS

Upgraded dev-libs/libusb to v1.0.30.
Container Optimized OS

Upgraded sys-apps/less to v702.
Container Optimized OS

Fixed a race condition triggered by ext4 online resize that rarely causes machines to fail to boot.
Container Optimized OS

Upgraded cos-gpu-installer to v2.7.4.
Container Optimized OS

Upgraded sys-apps/less to v702.
Container Optimized OS

Uprev sys-kernel/lakitu-kernel-6_12 to v6.12.92
Container Optimized OS

Fixed a race condition triggered by ext4 online resize that rarely causes machines to fail to boot.
Container Optimized OS

Upgraded cos-gpu-installer to v2.7.4.
Container Optimized OS

Upgraded sys-apps/less to v702.

Read the original announcement →

https://docs.cloud.google.com/release-notes#June_15_2026