diff --git a/changelog/bugfixes/2025-12-29-gce-udev.md b/changelog/bugfixes/2025-12-29-gce-udev.md
new file mode 100644
index 00000000000..d8458d9f4db
--- /dev/null
+++ b/changelog/bugfixes/2025-12-29-gce-udev.md
@@ -0,0 +1 @@
+- Updated the GCE udev disk rules to include NVMe disks.
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest
new file mode 100644
index 00000000000..02b3af8f09d
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/Manifest
@@ -0,0 +1 @@
+DIST google-guest-configs-20251014.00.tar.gz 49030 BLAKE2B 20330b57868814e2e4278a15355d8b8a2d6f065049bbe876f8fa48c70f54f65ed98537c5a6a5603e38967c12fd4953c6d06232d6dae691ae81e0f5111108e9c6 SHA512 0040ca6cc6b18c0cb0afaa2febd1bef61a1a62e6f277ef8c9ed01254194a7802ff19baa99bcb8ba64c96e1113f6686a63a23116aa1c7cd5b6caa787ae4e107fa
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch
new file mode 100644
index 00000000000..4ac9d275cbc
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/files/google-guest-configs-20211116.00-sysctl.patch
@@ -0,0 +1,50 @@
+diff --git a/src/etc/sysctl.d/60-gce-network-security.conf b/src/etc/sysctl.d/60-gce-network-security.conf
+index b40085b..d89d87d 100644
+--- a/src/etc/sysctl.d/60-gce-network-security.conf
++++ b/src/etc/sysctl.d/60-gce-network-security.conf
+@@ -14,45 +14,6 @@
+ #
+ # Google-recommended kernel parameters
+
+-# Turn on SYN-flood protections.  Starting with 2.6.26, there is no loss
+-# of TCP functionality/features under normal conditions.  When flood
+-# protections kick in under high unanswered-SYN load, the system
+-# should remain more stable, with a trade off of some loss of TCP
+-# functionality/features (e.g. TCP Window scaling).
+-net.ipv4.tcp_syncookies=1
+-
+-# Ignore source-routed packets
+-net.ipv4.conf.all.accept_source_route=0
+-net.ipv4.conf.default.accept_source_route=0
+-
+-# Ignore ICMP redirects from non-GW hosts
+-net.ipv4.conf.all.accept_redirects=0
+-net.ipv4.conf.default.accept_redirects=0
+-net.ipv4.conf.all.secure_redirects=1
+-net.ipv4.conf.default.secure_redirects=1
+-
+-# Don't pass traffic between networks or act as a router
+-net.ipv4.ip_forward=0
+-net.ipv4.conf.all.send_redirects=0
+-net.ipv4.conf.default.send_redirects=0
+-
+-# Turn on Source Address Verification in all interfaces to
+-# prevent some spoofing attacks.
+-net.ipv4.conf.all.rp_filter=1
+-net.ipv4.conf.default.rp_filter=1
+-
+-# Ignore ICMP broadcasts to avoid participating in Smurf attacks
+-net.ipv4.icmp_echo_ignore_broadcasts=1
+-
+-# Ignore bad ICMP errors
+-net.ipv4.icmp_ignore_bogus_error_responses=1
+-
+ # Log spoofed, source-routed, and redirect packets
+ net.ipv4.conf.all.log_martians=1
+ net.ipv4.conf.default.log_martians=1
+-
+-# Addresses of mmap base, heap, stack and VDSO page are randomized
+-kernel.randomize_va_space=2
+-
+-# Reboot the machine soon after a kernel panic.
+-kernel.panic=10
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20251014.00.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20251014.00.ebuild
new file mode 100644
index 00000000000..9e79d49929c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/google-guest-configs-20251014.00.ebuild
@@ -0,0 +1,56 @@
+# Copyright 2025 The Flatcar Container Linux Maintainers
+# Distributed under the terms of the Apache License 2.0
+
+# IMPORTANT! When bumping, ensure that the Dracut modules do not install files
+# that would make runtime changes to systems to other than GCE VMs because the
+# initrd is shared between image types. The udev disk rules are currently safe.
+
+EAPI=8
+
+inherit udev
+
+DESCRIPTION="Configuration and scripts to support the Google Compute Engine guest environment"
+HOMEPAGE="http://github.com/GoogleCloudPlatform/guest-configs"
+SRC_URI="https://github.com/GoogleCloudPlatform/guest-configs/archive/${PV}.tar.gz -> ${P}.tar.gz"
+S="${WORKDIR}/guest-configs-${PV}"
+
+LICENSE="Apache-2.0 BSD ZLIB"
+SLOT="0"
+KEYWORDS="amd64"
+
+RDEPEND="
+	sys-apps/ethtool
+	sys-apps/iproute2
+	sys-apps/nvme-cli
+	!<app-emulation/google-compute-engine-20190124-r3
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-20211116.00-sysctl.patch
+)
+
+src_install() {
+	exeinto "$(get_udevdir)"
+	doexe src/lib/udev/google_nvme_id
+
+	udev_dorules src/lib/udev/rules.d/65-gce-disk-naming.rules
+	udev_dorules src/lib/udev/rules.d/75-gce-network.rules
+
+	insinto /usr/lib/sysctl.d
+	doins src/etc/sysctl.d/60-gce-network-security.conf
+
+	dobin src/usr/bin/google_set_multiqueue
+	dobin src/usr/bin/google_optimize_local_ssd
+	dobin src/usr/bin/gce-nic-naming
+
+	insinto /usr/lib/dracut/modules.d
+	doins -r src/lib/dracut/modules.d/*
+}
+
+pkg_postinst() {
+	udev_reload
+}
+
+pkg_postrm() {
+	udev_reload
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/metadata.xml
new file mode 100644
index 00000000000..3abd52a6f70
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/google-guest-configs/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<upstream>
+		<remote-id type="github">GoogleCloudPlatform/guest-configs</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild
similarity index 81%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r2.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild
index 40a7a10e63c..59a394f58f8 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/google-compute-engine/google-compute-engine-20190124-r3.ebuild
@@ -28,3 +28,10 @@ RDEPEND="
 	sys-apps/iproute2
 	sys-apps/shadow
 "
+
+src_install() {
+	distutils-r1_src_install
+
+	# Newer versions are installed by app-admin/google-guest-configs.
+	rm -v "${ED}"/usr/bin/google_{optimize_local_ssd,set_multiqueue} || die
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild
deleted file mode 100644
index 5baa71325b6..00000000000
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-# Copyright (c) 2020 Kinvolk GmbH. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit systemd
-
-DESCRIPTION="OEM suite for Google Compute Engine images"
-HOMEPAGE="https://cloud.google.com/products/compute-engine/"
-SRC_URI=""
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64"
-IUSE=""
-
-# no source directory
-S="${WORKDIR}"
-
-RDEPEND="
-    app-emulation/google-compute-engine
-"
-
-OEM_NAME="Google Compute Engine"
-
-src_install() {
-    systemd_dounit "${FILESDIR}/units/oem-gce.service"
-    systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service"
-    systemd_dounit "${FILESDIR}/units/setup-oem.service"
-    systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf"
-    systemd_enable_service "multi-user.target" "ntpd.service"
-
-    dobin "${FILESDIR}/bin/enable-oslogin"
-    dobin "${FILESDIR}/bin/init.sh"
-
-    # These files will be symlinked to /etc via 'setup-oem.service'
-    insinto /usr/share/gce/
-    doins "${FILESDIR}/files/hosts"
-    doins "${FILESDIR}/files/google-cloud-sdk.sh"
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild
new file mode 100644
index 00000000000..e9decae604b
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20260102.ebuild
@@ -0,0 +1,35 @@
+# Copyright (c) 2013 CoreOS, Inc.. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+# Copyright (c) 2020 Kinvolk GmbH. All rights reserved.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="OEM suite for Google Compute Engine images"
+HOMEPAGE="https://cloud.google.com/products/compute-engine/"
+S="${WORKDIR}"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64"
+
+RDEPEND="
+	app-admin/google-guest-configs
+	app-emulation/google-compute-engine
+"
+
+OEM_NAME="Google Compute Engine"
+
+src_install() {
+	systemd_dounit "${FILESDIR}"/units/{oem-gce,oem-gce-enable-oslogin,setup-oem}.service
+	systemd_install_dropin multi-user.target "${FILESDIR}"/units/10-oem-gce.conf
+	systemd_enable_service multi-user.target ntpd.service
+
+	dobin "${FILESDIR}"/bin/{enable-oslogin,init.sh}
+
+	# These files will be symlinked to /etc via 'setup-oem.service'
+	insinto /usr/share/gce
+	doins "${FILESDIR}"/files/{google-cloud-sdk.sh,hosts}
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.62.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.62.ebuild
index 8b9cea19187..c3d5342b163 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.62.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.62.ebuild
@@ -52,7 +52,10 @@ DEPEND="
 	>=sys-kernel/bootengine-0.0.38-r37:=
 	>=sys-kernel/coreos-firmware-20180103-r1:=
 	virtual/udev
-	amd64? ( sys-firmware/intel-microcode:= )
+	amd64? (
+		app-admin/google-guest-configs
+		sys-firmware/intel-microcode:=
+	)
 "
 
 src_prepare() {