diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-10-20-curl-update.md b/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-10-20-curl-update.md
new file mode 100644
index 0000000000..b793942929
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/security/2022-10-20-curl-update.md
@@ -0,0 +1 @@
+- curl ([CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252))
diff --git a/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-10-20-curl-update.md b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-10-20-curl-update.md
new file mode 100644
index 0000000000..3ca94c7285
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/updates/2022-10-20-curl-update.md
@@ -0,0 +1 @@
+- curl ([7.85](https://curl.se/mail/archive-2022-08/0012.html))
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index 046c467af5..53d9cbefd9 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -17,6 +17,9 @@
 
 =dev-libs/libgcrypt-1.9.4 ~amd64 ~arm64
 
+# To address CVE-2022-35252.
+=net-misc/curl-7.85.0-r2 ~amd64 ~arm64
+
 =net-misc/openssh-8.8_p1-r3 ~amd64 ~arm64
 
 # Required for addressing CVE-2022-29154
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
index 4e1b3fa5d9..a3f48fa2d1 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.use
@@ -10,8 +10,7 @@ dev-libs/libxml2	-python
 dev-libs/libxslt	-python
 dev-util/perf		-doc
 dev-vcs/git		webdav curl bash-completion
-# We don't want any driver/hw rendering on the host
-net-misc/curl		kerberos threads telnet
+net-misc/curl		kerberos telnet
 net-misc/iputils	arping tracepath traceroute6
 sys-devel/gettext	-git