AWS Security ChangesHomeSearch

AWS AWSEC2 medium security documentation change

Service: AWSEC2 · 2026-04-19 · Security-related medium

File: AWSEC2/latest/UserGuide/efa-changelog.md

Summary

Added changelog entry for EFA version 1.48.0 documenting bug fixes including use-after-free bugs, race conditions, memory leaks, and new security features like package signature verification

Security assessment

The changelog explicitly documents fixes for security vulnerabilities including use-after-free bugs and race conditions. It also adds documentation about new security features including individual package signature verification support. The specific mention of 'Fix use-after-free bugs in DC packet completion, CQ drain, AH unit test, and MR logging' and 'Fix race conditions in efa_rdm_ep_get_peer and QP locking' provides concrete evidence of security-related fixes.

Diff

diff --git a/AWSEC2/latest/UserGuide/efa-changelog.md b/AWSEC2/latest/UserGuide/efa-changelog.md
index 0178db66a..45a1995f4 100644
--- a//AWSEC2/latest/UserGuide/efa-changelog.md
+++ b//AWSEC2/latest/UserGuide/efa-changelog.md
@@ -12,0 +13,36 @@ Version | Changes | Release date
+1.48.0 | 
+
+  * **Upgrade to[ libfabric 2.4.0amzn3.0](https://github.com/aws/libfabric/releases/tag/v2.4.0amzn3.0)**
+    * Optimize shm address retrieval in RDM operations 
+    * Fix use-after-free bugs in DC packet completion, CQ drain, AH unit test, and MR logging 
+    * Fix race conditions in efa_rdm_ep_get_peer and QP locking 
+    * Fix uninitialized descriptor arrays causing segfault with FI_EFA_ENABLE_SHM_TRANSFER=0 
+    * Fix memory leaks in fi_info, err_buf, EFA device destruction, and unit tests 
+    * Add null check for base_ep in CQ polling to handle destroyed QPs 
+    * Set qp->base_ep in efa_qp_create and return error if efa_mr_reg_ibv_mr returns NULL 
+    * Move QP table from domain to device with device-level locking 
+    * Add QP generation to data path direct request ID and verify QP number on CQE 
+    * Stop setting qp->ibv_qp_ex->wr_id for data path direct 
+    * Correctly remove txe from longcts_send list on receipt recv completion 
+    * Refactor and clean up efa_cq_handle_error 
+    * Convert MR registration counters to atomic operations 
+    * Migrate shm MR registration code and introduce internal mr regv function 
+    * Disable MR cache by default under ASAN 
+    * Only disable zcpy_rx when p2p is not available but FI_HMEM is requested 
+    * Do not track tx pkt pool for non-debug build 
+    * Improve wait_send procedure and mock functions 
+    * Adjust log levels for efa-direct CQ err_data and efa_show_help 
+    * Define sanitizer macros and disable memhooks under ASAN 
+    * Add unit tests for ep enable error path and error completion handling 
+  * **Upgrade to[ libnccl-ofi 1.19.0](https://github.com/aws/aws-ofi-nccl/releases/tag/v1.19.0) **
+    * Fixed error in handling dma-buf handles created by ROCm/HSA and added dma-buf support detection when using HSA runtime on ROCm platforms 
+    * Fixed potential memory leaks 
+    * Fixed NCCL topology generation for GB200 in Docker containers where NUMA nodes disconnected from Package nodes caused incorrect topology generation 
+    * Reduced QP utilization on NIC 0 during initialization 
+    * Improved tuner algorithm choices for P6-B200 and P6-B300 instance types 
+  * **Support for libnccl-ofi install on NGC containers**
+  * **Add individual RPM/DEB package signature verification support**
+  * **Add support for RHEL 10**
+  * **Add OFI NCCL Plugin on Debian 12 and RHEL 10**
+
+| April 14, 2026