# Amazon Linux 2 version 2.0.20210318.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210318.0.
## Major updates
+ Yum will now not attempt to make IMDSv1 calls.
+ The amazon-linux-extras utility has been updated to support a simpler format of the Extras catalog. At some point in the future, the 2.0 version of amazon-linux-extras will be required to access any new Extras.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-linux-extras-2.0.0-1.amzn2.noarch |
| amazon-linux-extras-yum-plugin-2.0.0-1.amzn2.noarch |
| bind-export-libs-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-libs-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-libs-lite-9.11.4-26.P2.amzn2.4.x86\$164 |
| bind-license-9.11.4-26.P2.amzn2.4.noarch |
| bind-utils-9.11.4-26.P2.amzn2.4.x86\$164 |
| cloud-init-19.3-43.amzn2.noarch |
| glibc-2.26-42.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-42.amzn2.x86\$164 |
| glibc-common-2.26-42.amzn2.x86\$164 |
| glibc-devel-2.26-42.amzn2.x86\$164 |
| glibc-headers-2.26-42.amzn2.x86\$164 |
| glibc-locale-source-2.26-42.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-42.amzn2.x86\$164 |
| kernel-4.14.225-168.357.amzn2.x86\$164 |
| kernel-devel-4.14.225-168.357.amzn2.x86\$164 |
| kernel-headers-4.14.225-168.357.amzn2.x86\$164 |
| kernel-tools-4.14.225-168.357.amzn2.x86\$164 |
| libcrypt-2.26-42.amzn2.x86\$164 |
| pyliblzma-0.5.3-25.amzn2.x86\$164 |
| yum-3.4.3-158.amzn2.0.5.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.225.
CVEs fixed:
+ CVE-2021-26930 [xen-blkback: Fixes error handling in xen\$1blkbk\$1map()]
+ CVE-2021-26931 [xen-blkback: Doesn't "handle" error by BUG()]
+ CVE-2021-26932 [Xen/x86: Doesn't bail early from clear\$1foreign\$1p2m\$1mapping()]
+ CVE-2021-27363 [scsi: iscsi: Restricts sessions and handles to admin capabilities]
+ CVE-2021-27364 [scsi: iscsi: Restricts sessions and handles to admin capabilities]
+ CVE-2021-27365 [scsi: iscsi: Ensures sysfs attributes are limited to PAGE\$1SIZE]
+ CVE-2021-28038 [Xen/gnttab: Handles p2m update errors on a per-slot basis]
Amazon Features and Backports:
+ arm64: kaslr: Refactors early init command line parsing
+ arm64: Extends the kernel command line from the bootloader
+ arm64: Exports acpi\$1psci\$1use\$1hvc() symbol
+ hwrng: Adds Gravition RNG driver
+ iommu/vt-d: Skips TE disabling on quirky gfx dedicated iommu
+ x86/x2apic: Marks set\$1x2apic\$1phys\$1mode() as init
+ x86/apic: Deinlines x2apic functions
+ x86/apic: Fixes x2apic enablement without interrupt remapping
+ x86/msi: Only uses high bits of MSI address for DMAR unit
+ x86/io\$1apic: Re-evaluates vector configuration on activate()
+ x86/ioapic: Handles Extended Destination ID field in RTE
+ x86/apic: Adds support for 15 bits of APIC ID in MSI where available
+ x86/kvm: Reserves KVM\$1FEATURE\$1MSI\$1EXT\$1DEST\$1ID
+ x86/kvm: Enables 15-bit extension for when KVM\$1FEATURE\$1MSI\$1EXT\$1DEST\$1ID is detected
+ arm64: HWCAP: Adds support for AT\$1HWCAP2
+ arm64: HWCAP: Encapsulates elf\$1hwcap
+ arm64: Implements archrandom.h for ARMv8.5-RNG
+ mm: memcontrol: Fixes NR\$1WRITEBACK leak in memcg and system stats
+ mm: memcg: Makes sure that memory.events is uptodate when waking pollers
+ mem\$1cgroup: Makes sure that moving\$1account, move\$1lock\$1task and stat\$1cpu in the same cacheline
+ mm: Fixes oom\$1kill event handling
+ mm: writeback: Uses exact memcg dirty counts
Other Fixes:
+ net\$1sched: Rejects silly cell\$1log in qdisc\$1get\$1rtab()
+ x86: always\$1inline \$1rd,wr\$1msr()
+ net: lapb: Copys the skb before sending a packet
+ ipv4: Fixes the race condition between route lookup and invalidation
+ mm: hugetlb: Fixes a race between isolating and freeing page
+ mm: hugetlb: Removes VM\$1BUG\$1ON\$1PAGE from page\$1huge\$1active
+ mm: thp: Fixes MADV\$1REMOVE deadlock on shmem THP
+ 86/apic: Adds extra serialization for non-serializing MSRs
+ iommu/vt-d: Doesn't use flush-queue when caching-mode is on
+ fgraph: Initializes tracing\$1graph\$1pause at task creation
+ ARM: Ensures that the signal page contains defined contents
+ kvm: Now checks tlbs\$1dirty directly
+ ext4: Fixes potential htree index checksum corruption
+ mm/memory.c: Fixes potential pte\$1unmap\$1unlock pte error
+ mm/hugetlb: Fixes potential double free in hugetlb\$1register\$1node() error path
+ arm64: Adds missing ISB after invalidating TLB in primary\$1switch
+ mm/rmap: Fixes potential pte\$1unmap on an not mapped pte
+ x86/reboot: Forces all cpus to exit VMX root if VMX is supported
+ mm: hugetlb: Fixes a race between freeing and dissolving the page
+ arm64 module: Sets plt\$1 section addresses to 0x0
+ xfs: Fixes assert failure in xfs\$1setattr\$1size()