# Amazon Linux 2 version 2.0.20210721.2 release notes
These are the release notes for Amazon Linux 2 version 2.0.20210721.2.
## Major updates
+ GRUB has been updated to 2.06 with some launch time improvements
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.aarch64 |
| amazon-ssm-agent-3.0.1124.0-1.amzn2.x86\$164 |
| chrony-4.0-3.amzn2.0.2.aarch64 |
| chrony-4.0-3.amzn2.0.2.x86\$164 |
| dracut-033-535.amzn2.1.4.aarch64 |
| dracut-033-535.amzn2.1.4.x86\$164 |
| dracut-config-generic-033-535.amzn2.1.4.aarch64 |
| dracut-config-generic-033-535.amzn2.1.4.x86\$164 |
| fuse-libs-2.9.2-11.amzn2.aarch64 |
| fuse-libs-2.9.2-11.amzn2.x86\$164 |
| glibc-2.26-48.amzn2.aarch64 |
| glibc-2.26-48.amzn2.x86\$164 |
| glibc-all-langpacks-2.26-48.amzn2.aarch64 |
| glibc-all-langpacks-2.26-48.amzn2.x86\$164 |
| glibc-common-2.26-48.amzn2.aarch64 |
| glibc-common-2.26-48.amzn2.x86\$164 |
| glibc-devel-2.26-48.amzn2.x86\$164 |
| glibc-headers-2.26-48.amzn2.x86\$164 |
| glibc-langpack-en-2.26-48.amzn2.aarch64 |
| glibc-langpack-en-2.26-48.amzn2.x86\$164 |
| glibc-locale-source-2.26-48.amzn2.aarch64 |
| glibc-locale-source-2.26-48.amzn2.x86\$164 |
| glibc-minimal-langpack-2.26-48.amzn2.aarch64 |
| glibc-minimal-langpack-2.26-48.amzn2.x86\$164 |
| grub2-2.06-2.amzn2.0.1.aarch64 |
| grub2-2.06-2.amzn2.0.1.x86\$164 |
| grub2-common-2.06-2.amzn2.0.1.noarch |
| grub2-efi-aa64-2.06-2.amzn2.0.1.aarch64 |
| grub2-efi-aa64-ec2-2.06-2.amzn2.0.1.aarch64 |
| grub2-efi-aa64-modules-2.06-2.amzn2.0.1.noarch |
| grub2-efi-x64-ec2-2.06-2.amzn2.0.1.x86\$164 |
| grub2-pc-2.06-2.amzn2.0.1.x86\$164 |
| grub2-pc-modules-2.06-2.amzn2.0.1.noarch |
| grub2-tools-2.06-2.amzn2.0.1.aarch64 |
| grub2-tools-2.06-2.amzn2.0.1.x86\$164 |
| grub2-tools-minimal-2.06-2.amzn2.0.1.aarch64 |
| grub2-tools-minimal-2.06-2.amzn2.0.1.x86\$164 |
| kernel-4.14.238-182.422.amzn2.aarch64 |
| kernel-4.14.238-182.422.amzn2.x86\$164 |
| kernel-devel-4.14.238-182.422.amzn2.x86\$164 |
| kernel-headers-4.14.238-182.422.amzn2.x86\$164 |
| kernel-tools-4.14.238-182.422.amzn2.aarch64 |
| kernel-tools-4.14.238-182.422.amzn2.x86\$164 |
| libcrypt-2.26-48.amzn2.aarch64 |
| libcrypt-2.26-48.amzn2.x86\$164 |
| libwebp-0.3.0-10.amzn2.aarch64 |
| libwebp-0.3.0-10.amzn2.x86\$164 |
| libX11-1.6.7-3.amzn2.0.2.x86\$164 |
| libX11-common-1.6.7-3.amzn2.0.2.noarch |
| libxml2-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-2.9.1-6.amzn2.5.4.x86\$164 |
| libxml2-python-2.9.1-6.amzn2.5.4.aarch64 |
| libxml2-python-2.9.1-6.amzn2.5.4.x86\$164 |
| openssl-1.0.2k-19.amzn2.0.7.aarch64 |
| openssl-1.0.2k-19.amzn2.0.7.x86\$164 |
| openssl-libs-1.0.2k-19.amzn2.0.7.aarch64 |
| openssl-libs-1.0.2k-19.amzn2.0.7.x86\$164 |
| python2-rpm-4.11.3-40.amzn2.0.6.aarch64 |
| python2-rpm-4.11.3-40.amzn2.0.6.x86\$164 |
| python-urllib3-1.25.9-1.amzn2.0.2.noarch |
| rpm-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-build-libs-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-build-libs-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-libs-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-libs-4.11.3-40.amzn2.0.6.x86\$164 |
| rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.aarch64 |
| rpm-plugin-systemd-inhibit-4.11.3-40.amzn2.0.6.x86\$164 |
| systemtap-runtime-4.4-1.amzn2.0.1.aarch64 |
| systemtap-runtime-4.4-1.amzn2.0.1.x86\$164 |
| tzdata-2021a-1.amzn2.noarch |
## Kernel updates
Rebase kernel to upstream stable 4.14.238.
Amazon EFA Driver: Updated to tversion v1.12.1
CVEs fixed:
+ CVE-2021-32399 [bluetooth: eliminate the potential race condition when removing the HCI controller]
+ CVE-2021-33034 [Bluetooth: verify AMP hci\$1chan before amp\$1destroy]
+ CVE-2020-26558 [Bluetooth: SMP: Fails if remote and local public keys are identical]
+ CVE-2021-0129 [Bluetooth: SMP: Fails if remote and local public keys are identical]
+ CVE-2020-24586 [mac80211: Prevents mixed key and fragment cache attacks]
+ CVE-2020-24587 [mac80211: Prevents mixed key and fragment cache attacks]
+ CVE-2020-24588 [cfg80211: Mitigates A-MSDU aggregation attacks]
+ CVE-2020-26139 [mac80211: Doesn't accept/forward invalid EAPOL frames]
+ CVE-2020-26147 [mac80211: Makes sure that all fragments are encrypted]
+ CVE-2021-29650 [netfilter: x\$1tables: Uses correct memory barriers.]
+ CVE-2021-3564 [Bluetooth: Fixes the erroneous flush\$1work() order]
+ CVE-2021-3573 [Bluetooth: Uses correct lock tprevent UAF of hdev object]
+ CVE-2021-3587 [nfc: Fixes NULL ptr dereference in llcp\$1sock\$1getname() after failed connect]
+ CVE-2021-34693 [can: bcm: Fixes infoleak in struct bcm\$1msg\$1head]
+ CVE-2021-33624 [bpf: Inherits expanded/patched seen count from old aux data]
+ CVE-2021-33909 [seq\$1file: Doesn't allow extremely large seq buffer allocations]
Amazon Features and Backports:
+ arm64/kernel: Doesn't ban ADRP twork around Cortex-A53 erratum \$1843419
+ arm64/errata: Adds REVIDR handling tframework
+ arm64/kernel: Enables A53 erratum \$18434319 handling at runtime
+ arm64: Fixes undefined reference t'printk'
+ arm64/kernel: Renames module\$1emit\$1adrp\$1veneer→module\$1emit\$1veneer\$1for\$1adrp
+ arm64/kernel: kaslr: Reduces module randomization range t4 GB
+ Revert "arm64: acpi/pci: invoke \$1DSM whether tpreserve firmware PCI setup"
+ PCI/ACPI: Evaluates PCI Boot Configuration \$1DSM
+ PCI: Doesn't auto-realloc if we're preserving firmware config
+ arm64: PCI: Allows resource reallocation if necessary
+ arm64: PCI: Preserved firmware configuration when desired
+ bpf: Fixes subprog verifier bypass by div/mod by 0 exception
+ bpf, x86\$164: Removes obsolete exception handling from div/mod
+ bpf, arm64: Removes obsolete exception handling from div/mod
+ bpf, s390x: Removes obsolete exception handling from div/mod
+ bpf, ppc64: Removes obsolete exception handling from div/mod
+ bpf, sparc64: Removes obsolete exception handling from div/mod
+ bpf, mips64: Removes obsolete exception handling from div/mod
+ bpf, mips64: Removes unneeded zercheck from div/mod with k
+ bpf, arm: Removes obsolete exception handling from div/mod
+ bpf: Fixes 32 bit src register truncation on div/mod
+ bpf: Inherits expanded/patched seen count from old aux data
+ bpf: Doesn't mark insn as seen under speculative path verification
+ bpf: Fixes leakage under speculation on mispredicted branches
+ seq\$1file: Doesn't allow extremely large seq buffer allocations