# Amazon Linux 2 version 2.0.20220606.1.0 release notes
These are the release notes for Amazon Linux 2 version 2.0.20220606.1.0.
## Major updates
+ `systemd`: Correct an issue that could in some cases prevent an instance from mounting its root filesystem at boot.
## Package updates
Amazon Linux 2 includes the following packages.
| Packages |
| --- |
| `cpp-7.3.1-15.amzn2.x86_64` |
| `curl-7.79.1-2.amzn2.0.1.aarch64` |
| `curl-7.79.1-2.amzn2.0.1.x86_64` |
| `dracut-033-535.amzn2.1.6.aarch64` |
| `dracut-033-535.amzn2.1.6.x86_64` |
| `dracut-config-generic-033-535.amzn2.1.6.aarch64` |
| `dracut-config-generic-033-535.amzn2.1.6.x86_64` |
| `gcc-7.3.1-15.amzn2.x86_64` |
| `gcc-c-7.3.1-15.amzn2.x86_64` |
| `iproute-5.10.0-2.amzn2.0.2.aarch64` |
| `iproute-5.10.0-2.amzn2.0.2.x86_64` |
| `kernel-4.14.281-212.502.amzn2.aarch64` |
| `kernel-4.14.281-212.502.amzn2.x86_64` |
| `kernel-5.10.118-111.515.amzn2.aarch64` |
| `kernel-5.10.118-111.515.amzn2.x86_64` |
| `kernel-devel-4.14.281-212.502.amzn2.x86_64` |
| `kernel-headers-4.14.281-212.502.amzn2.x86_64` |
| `kernel-tools-4.14.281-212.502.amzn2.aarch64` |
| `kernel-tools-4.14.281-212.502.amzn2.x86_64` |
| `kernel-tools-5.10.118-111.515.amzn2.aarch64` |
| `kernel-tools-5.10.118-111.515.amzn2.x86_64` |
| `libatomic-7.3.1-15.amzn2.x86_64` |
| `libcilkrts-7.3.1-15.amzn2.x86_64` |
| `libcurl-7.79.1-2.amzn2.0.1.aarch64` |
| `libcurl-7.79.1-2.amzn2.0.1.x86_64` |
| `libgcc-7.3.1-15.amzn2.aarch64` |
| `libgcc-7.3.1-15.amzn2.x86_64` |
| `libgomp-7.3.1-15.amzn2.aarch64` |
| `libgomp-7.3.1-15.amzn2.x86_64` |
| `libitm-7.3.1-15.amzn2.x86_64` |
| `libmpx-7.3.1-15.amzn2.x86_64` |
| `libquadmath-7.3.1-15.amzn2.x86_64` |
| `libsanitizer-7.3.1-15.amzn2.x86_64` |
| `libstdc-7.3.1-15.amzn2.aarch64` |
| `libstdc-7.3.1-15.amzn2.x86_64` |
| `libtiff-4.0.3-35.amzn2.0.2.aarch64` |
| `libtiff-4.0.3-35.amzn2.0.2.x86_64` |
| `microcode_ctl-2.1-47.amzn2.0.12.x86_64` |
| `openldap-2.4.44-23.amzn2.0.4.aarch64` |
| `openldap-2.4.44-23.amzn2.0.4.x86_64` |
| `openssl-1.0.2k-24.amzn2.0.3.aarch64` |
| `openssl-1.0.2k-24.amzn2.0.3.x86_64` |
| `openssl-libs-1.0.2k-24.amzn2.0.3.aarch64` |
| `openssl-libs-1.0.2k-24.amzn2.0.3.x86_64` |
| `python-2.7.18-1.amzn2.0.5.aarch64` |
| `python-2.7.18-1.amzn2.0.5.x86_64` |
| `python-devel-2.7.18-1.amzn2.0.5.aarch64` |
| `python-devel-2.7.18-1.amzn2.0.5.x86_64` |
| `python-libs-2.7.18-1.amzn2.0.5.aarch64` |
| `python-libs-2.7.18-1.amzn2.0.5.x86_64` |
| `rsyslog-8.24.0-57.amzn2.2.0.1.aarch64` |
| `rsyslog-8.24.0-57.amzn2.2.0.1.x86_64` |
| `systemd-219-78.amzn2.0.18.aarch64` |
| `systemd-219-78.amzn2.0.18.x86_64` |
| `systemd-libs-219-78.amzn2.0.18.aarch64` |
| `systemd-libs-219-78.amzn2.0.18.x86_64` |
| `systemd-sysv-219-78.amzn2.0.18.aarch64` |
| `systemd-sysv-219-78.amzn2.0.18.x86_64` |
| `vim-common-8.2.4857-1.amzn2.0.1.aarch64` |
| `vim-common-8.2.4857-1.amzn2.0.1.x86_64` |
| `vim-data-8.2.4857-1.amzn2.0.1.noarch` |
| `vim-enhanced-8.2.4857-1.amzn2.0.1.aarch64` |
| `vim-enhanced-8.2.4857-1.amzn2.0.1.x86_64` |
| `vim-filesystem-8.2.4857-1.amzn2.0.1.noarch` |
| `vim-minimal-8.2.4857-1.amzn2.0.1.aarch64` |
| `vim-minimal-8.2.4857-1.amzn2.0.1.x86_64` |
## Kernel updates
**kernel-4.14.281-212.502.amzn2**
Rebase kernel to upstream stable `4.14.281`
CVEs fixed:
+ [CVE-2022-29581](https://alas.aws.amazon.com/cve/html/CVE-2022-29581.html) [`net/sched`: `cls_u32`: fix `netns` `refcount` changes in `u32_change()`]
+ [CVE-2022-0854](https://alas.aws.amazon.com/cve/html/CVE-2022-0854.html) [`swiotlb`: rework \$1]
+ [CVE-2022-1729](https://alas.aws.amazon.com/cve/html/CVE-2022-1729.html) [`perf`: Fix `sys_perf_event_open()` race against self]
+ [CVE-2022-1516](https://alas.aws.amazon.com/cve/html/CVE-2022-1516.html) [`net/x25`: Fix `null-ptr-deref` caused by `x25_disconnect`]
+ [CVE-2022-30594](https://alas.aws.amazon.com/cve/html/CVE-2022-30594.html) [`ptrace`: Check `PTRACE_O_SUSPEND_SECCOMP` permission on `PTRACE_SEIZE`]
Amazon Features and Backports:
+ `ENA`: Update to `v2`.
+ `arm64`: `paravirt`: Use RCU read locks to guard `stolen_time`
+ `lustre`: update to AmazonFSxLustreClient `v2.10.8-11`
**kernel-5.10.118-111.515.amzn2**
Rebase kernel to upstream stable `5.10.118`
CVEs fixed:
+ [CVE-2022-29581](https://alas.aws.amazon.com/cve/html/CVE-2022-29581.html) [`net/sched`: `cls_u32`: fix netns refcount changes in `u32_change()`]
+ [CVE-2022-0494](https://alas.aws.amazon.com/cve/html/CVE-2022-0494.html) [`block-map`: add `GFP_ZERO` flag for `alloc_page` in function `bio_copy_kern`]
+ [CVE-2022-28893](https://alas.aws.amazon.com/cve/html/CVE-2022-28893.html) [`SUNRPC`: Ensure we flush any closed sockets before `xs_xprt_free()`]
+ [CVE-2022-0854](https://alas.aws.amazon.com/cve/html/CVE-2022-0854.html) [`swiotlb`: rework \$1]
+ [CVE-2022-1729](https://alas.aws.amazon.com/cve/html/CVE-2022-1729.html) [`perf`: Fix `sys_perf_event_open()` race against self]
+ [CVE-2022-1786](https://alas.aws.amazon.com/cve/html/CVE-2022-1786.html) [`io_uring`: remove `io_identity`]
Amazon Features and Backports:
| |
| --- |
| `ENA`: Update to `v2.7.1` |
| `lustre`: update to AmazonFSxLustreClient `v2.10.8-11` |
| Correct read overflow in page touching DMA ops binding |
| `iov_iter`: track truncated size |
| `io_uring`: reexpand under-reexpanded iters |
| `bpf`: Generalize `check_ctx_reg` for reuse with other types |
| `bpf`: Mark `PTR_TO_FUNC` register initially with zero offset |
| `bpf`: Generally fix helper register offset check |
| `bpf`: Fix out of bounds access for `ringbuf` helpers |
| `bpf`: Fix `ringbuf` memory type confusion when passing to helpers |
| `bpf`: Consolidate shared test timing code |
| `bpf`: Add `PROG_TEST_RUN` support for `sk_lookup` programs |
| `selftests/bpf`: Add verifier test for `PTR_TO_MEM` spill |
| `bpf`, `selftests`: Add verifier test for `mem_or_null` register with offset. |
| `bpf`, `selftests`: Add various `ringbuf` tests with invalid offset |
| `mm/migrate`: Don't drop mapping lock in `unmap_and_move_huge_page()` |
| `config`: enable `CONFIG_DM_ZONED` as a module |