# Amazon Linux 2 version 2.0.20210427.0 release notes
<a name="relnotes-20210427"></a>

These are the release notes for Amazon Linux 2 version 2.0.20210427.0.

## Major updates
<a name="major-updates-20210427"></a>
+ ec2-net-utils bug fixed with multiple secondary IPs attached to one ENI.

## Package updates
<a name="package-updates-20210427"></a>

Amazon Linux 2 includes the following packages.
+ ec2-net-utils-1.5-3.amzn2.noarch 
+ kernel-4.14.231-173.361.amzn2.x86\$164 
+ kernel-devel-4.14.231-173.36.amzn2.x86\$164 
+ kernel-headers-4.14.231-173.361.amzn2.x86\$164 
+ kernel-tools-4.14.231-173.361.amzn2.x86\$164 
+ pystache-0.5.3-2.amzn2.noarch 
+ python-daemon-1.6-4.amzn2.noarch 
+ python-lockfile-0.9.1-4.amzn2.noarch

## Kernel updates
<a name="kernel-updates-20210427"></a>

Rebase kernel to upstream stable 4.14.231.

CVEs fixed:
+ CVE-2019-19060 [iio: imu: adis16400: release allocated memory on failure] 
+ CVE-2021-28660 [staging: rtl8188eu: prevent ->ssid overflow in rtw\$1wx\$1set\$1scan()] 
+ CVE-2021-29265 [usbip: fix stub\$1dev usbip\$1sockfd\$1store() races leading to gpf] 
+ CVE-2021-28964 [btrfs: fix race when cloning extent buffer during rewind of an old root] 
+ CVE-2021-28971 [perf/x86/intel: Fix a crash caused by zero PEBS status] 
+ CVE-2021-28972 [PCI: rpadlpar: Fix potential drc\$1name corruption in store functions] 
+ CVE-2021-28688 [xen-blkback: don't leak persistent grants from xen\$1blkbk\$1map()] 
+ CVE-2021-29647 [net: qrtr: fix a kernel-infoleak in qrtr\$1recvmsg()] 
+ CVE-2021-3483 [firewire: nosy: Fix a use-after-free bug in nosy\$1ioctl()] 
+ CVE-2021-29154 [bpf, x86: Validate computation of branch displacements for x86-64] 
+ CVE-2020-25670 [nfc: fix refcount leak in llcp\$1sock\$1bind()] 
+ CVE-2020-25671 [nfc: fix refcount leak in llcp\$1sock\$1connect()] 
+ CVE-2020-25672 [nfc: fix memory leak in llcp\$1sock\$1connect()]

Amazon Features and Backports:
+ nitro enclaves: Fixes dangling file descriptor [ALAS2-2021-1634] 
+ net: Fixes gro aggregation for udp encaps with zero csum 
+ net: Avoids infinite loop in mpls\$1gso\$1segment when mpls\$1hlen == 0 
+ configfs: Fixed a use-after-free in configfs\$1open\$1file 
+ include/linux/sched/mm.h: Use rcu\$1dereference in in\$1vfork() 
+ KVM: arm64: Fixes exclusive limit for IPA size 
+ ext4: Handles error of ext4\$1setup\$1system\$1zone() on remount 
+ ext4: Checks journal inode extents more carefully 
+ ext4: Finds old entry again if failed to rename whiteout 
+ ext4: Doesn't try to set xattr into ea\$1inode if value is empty 
+ ext4: Fixes potential error in ext4\$1do\$1update\$1inode 
+ locking/mutex: Fixed non debug version of mutex\$1lock\$1io\$1nested() 
+ ext4: Fixes bh ref count on error paths 
+ ext4: Doesn't input inode under running transaction in ext4\$1rename() 
+ mm: Fixes race by making init\$1zero\$1pfn() early\$1initcall 
+ KVM: arm64: Disables guest access to trace filter controls