# Amazon Linux 2 version 2.0.20220207.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20220207.0.
## Major updates
None.
## Kernel updates
Rebase kernel to upstream stable 5.10.96.
CVEs fixed:
+ CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
+ CVE-2022-0492 [kernel: cgroups v1 release\$1agent feature may allow privilege escalation]
Amazon Features and Backports:
+ lustre: update to AmazonFSxLustreClient v2.10.8-10
+ drivers/base/memory: introduce memory\$1block\$1\$1online,offline\$1
+ mm,memory\$1hotplug: relax fully spanned sections check
+ mm,memory\$1hotplug: factor out adjusting present pages into adjust\$1present\$1page\$1count()
+ mm,memory\$1hotplug: allocate memmap from the added memory range
+ acpi,memhotplug: enable MHP\$1MEMMAP\$1ON\$1MEMORY when supported
+ mm,memory\$1hotplug: add kernel boot option to enable memmap\$1on\$1memory
+ x86/Kconfig: introduce ARCH\$1MHP\$1MEMMAP\$1ON\$1MEMORY\$1ENABLE
+ arm64/Kconfig: introduce ARCH\$1MHP\$1MEMMAP\$1ON\$1MEMORY\$1ENABLE
+ drivers/base/memory: fix trying offlining memory blocks with memory holes on aarch64
+ drivers/base/memory: use MHP\$1MEMMAP\$1ON\$1MEMORY from the probe interface
+ mm: add offline page reporting interface
+ virtio: add hack to allow pre-mapped scatterlists
+ virtio-balloon: optionally report offlined memory ranges
+ audit: improve audit queue handling when "audit=1" on cmdline
+ cgroup-v1: Require capabilities to set release\$1agent
Rebase kernel to upstream stable 4.14.262
CVEs fixed:
+ CVE-2021-4083 [fget: check that the fd still exists after getting a ref to it]
+ CVE-2021-39685 [USB: gadget: detect too-big endpoint 0 requests]
+ CVE-2021-28711 [xen/blkfront: harden blkfront against event channel storms]
+ CVE-2021-28712 [xen/netfront: harden netfront against event channel storms]
+ CVE-2021-28713 [xen/console: harden hvc\$1xen against event channel storms]
+ CVE-2021-28714 [xen/netback: fix rx queue stall detection]
+ CVE-2021-28715 [xen/netback: don't queue unlimited number of packages]
+ CVE-2021-44733 [tee: handle lookup of shm with reference count 0]
+ CVE-2021-4155 [xfs: map unwritten blocks in XFS\$1IOC\$1\$1ALLOC,FREE\$1SP just like fallocate]
+ CVE-2022-0492 [kernel: cgroups v1 release\$1agent feature may allow privilege escalation]
Amazon Features and Backports:
+ ena: Update to 2.6.0
+ fuse: fix bad inode
+ fuse: fix live lock in fuse\$1iget()
+ lustre: update to AmazonFSxLustreClient v2.10.8-10
+ cgroup-v1: Require capabilities to set release\$1agent
+ audit: improve audit queue handling when "audit=1" on cmdline
+ ENA: Update to v2.6.1
Other Fixes:
+ tracing: Fix pid filtering when triggers are attached
+ NFSv42: Don't fail clone() unless the OP\$1CLONE operation failed
+ ARM: socfpga: Fix crash with CONFIG\$1FORTIRY\$1SOURCE
+ ipv6: fix typos in ip6\$1finish\$1output()
+ tracing: Check pid filtering when creating events
+ PCI: aardvark: Train link immediately after enabling training
+ PCI: aardvark: Update comment about disabling link training
| Kernel |
| --- |
| kernel-4.14.262-200.489.amzn2.aarch64 |
| kernel-4.14.262-200.489.amzn2.x86\$164 |
| kernel-5.10.96-90.460.amzn2.aarch64 |
| kernel-5.10.96-90.460.amzn2.x86\$164 |
| kernel-devel-4.14.262-200.489.amzn2.x86\$164 |
| kernel-headers-4.14.262-200.489.amzn2.x86\$164 |
| kernel-tools-4.14.262-200.489.amzn2.aarch64 |
| kernel-tools-4.14.262-200.489.amzn2.x86\$164 |
| kernel-tools-5.10.96-90.460.amzn2.aarch64 |
| kernel-tools-5.10.96-90.460.amzn2.x86\$164 |