Remove some duplicate CVE patches and add back fixed CVE patcher scripts

Patches/Linux_CVEs-New/CVE-2012-6703/ANY/1.patch

@@ -1,31 +0,0 @@
-From 81ce573830e9d5531531b3ec778c58e6b9167bcd Mon Sep 17 00:00:00 2001
-From: Dan Carpenter <dan.carpenter@oracle.com>
-Date: Wed, 5 Sep 2012 15:32:18 +0300
-Subject: [PATCH] ALSA: compress_core: integer overflow in
- snd_compr_allocate_buffer()
-
-These are 32 bit values that come from the user, we need to check for
-integer overflows or we could end up allocating a smaller buffer than
-expected.
-
-Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
----
- sound/core/compress_offload.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
-index eb60cb8dbb8a6..68fe02c7400a2 100644
---- a/sound/core/compress_offload.c
-+++ b/sound/core/compress_offload.c
-@@ -407,6 +407,10 @@ static int snd_compr_allocate_buffer(struct snd_compr_stream *stream,
- 	unsigned int buffer_size;
- 	void *buffer;
- 
-+	if (params->buffer.fragment_size == 0 ||
-+	    params->buffer.fragments > SIZE_MAX / params->buffer.fragment_size)
-+		return -EINVAL;
-+
- 	buffer_size = params->buffer.fragment_size * params->buffer.fragments;
- 	if (stream->ops->copy) {
- 		buffer = NULL;

Patches/Linux_CVEs-New/CVE-2016-2187/ANY/1.patch

@@ -1,59 +0,0 @@
-From adaad9d866105bcb8f87293a0a675f573a39129d Mon Sep 17 00:00:00 2001
-From: Vladis Dronov <vdronov@redhat.com>
-Date: Thu, 31 Mar 2016 10:53:42 -0700
-Subject: Input: gtco - fix crash on detecting device without endpoints
-
-commit 162f98dea487206d9ab79fc12ed64700667a894d upstream.
-
-The gtco driver expects at least one valid endpoint. If given malicious
-descriptors that specify 0 for the number of endpoints, it will crash in
-the probe function. Ensure there is at least one endpoint on the interface
-before using it.
-
-Also let's fix a minor coding style issue.
-
-The full correct report of this issue can be found in the public
-Red Hat Bugzilla:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1283385
-
-Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
-Signed-off-by: Vladis Dronov <vdronov@redhat.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Signed-off-by: Willy Tarreau <w@1wt.eu>
----
- drivers/input/tablet/gtco.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/input/tablet/gtco.c b/drivers/input/tablet/gtco.c
-index 29e01ab..a9f8f92 100644
---- a/drivers/input/tablet/gtco.c
-+++ b/drivers/input/tablet/gtco.c
-@@ -869,6 +869,14 @@ static int gtco_probe(struct usb_interface *usbinterface,
- 		goto err_free_buf;
- 	}
- 
-+	/* Sanity check that a device has an endpoint */
-+	if (usbinterface->altsetting[0].desc.bNumEndpoints < 1) {
-+		dev_err(&usbinterface->dev,
-+			"Invalid number of endpoints\n");
-+		error = -EINVAL;
-+		goto err_free_urb;
-+	}
-+
- 	/*
- 	 * The endpoint is always altsetting 0, we know this since we know
- 	 * this device only has one interrupt endpoint
-@@ -890,7 +898,7 @@ static int gtco_probe(struct usb_interface *usbinterface,
- 	 * HID report descriptor
- 	 */
- 	if (usb_get_extra_descriptor(usbinterface->cur_altsetting,
--				     HID_DEVICE_TYPE, &hid_desc) != 0){
-+				     HID_DEVICE_TYPE, &hid_desc) != 0) {
- 		dev_err(&usbinterface->dev,
- 			"Can't retrieve exta USB descriptor to get hid report descriptor length\n");
- 		error = -EIO;
--- 
-cgit v1.1
-

Patches/Linux_CVEs-New/CVE-2016-3136/ANY/1.patch

@@ -1,53 +0,0 @@
-From 2633b8df3dff0377066fb32feb8ef06ae834d7ff Mon Sep 17 00:00:00 2001
-From: Badhri Jagan Sridharan <Badhri@google.com>
-Date: Tue, 30 Aug 2016 13:33:55 -0700
-Subject: UPSTREAM: USB: mct_u232: add sanity checking in probe
-
-commit 4e9a0b05257f29cf4b75f3209243ed71614d062e upstream.
-
-An attack using the lack of sanity checking in probe is known. This
-patch checks for the existence of a second port.
-
-CVE-2016-3136
-BUG: 28242610
-Signed-off-by: Oliver Neukum <ONeukum@suse.com>
-[johan: add error message ]
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
-Change-Id: I284ad648c2087c34a098d67e0cc6d948a568413c
----
- drivers/usb/serial/mct_u232.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c
-index 6a15adf..c14c29f 100644
---- a/drivers/usb/serial/mct_u232.c
-+++ b/drivers/usb/serial/mct_u232.c
-@@ -377,14 +377,21 @@ static void mct_u232_msr_to_state(struct usb_serial_port *port,
- 
- static int mct_u232_port_probe(struct usb_serial_port *port)
- {
-+	struct usb_serial *serial = port->serial;
- 	struct mct_u232_private *priv;
- 
-+	/* check first to simplify error handling */
-+	if (!serial->port[1] || !serial->port[1]->interrupt_in_urb) {
-+		dev_err(&port->dev, "expected endpoint missing\n");
-+		return -ENODEV;
-+	}
-+
- 	priv = kzalloc(sizeof(*priv), GFP_KERNEL);
- 	if (!priv)
- 		return -ENOMEM;
- 
- 	/* Use second interrupt-in endpoint for reading. */
--	priv->read_urb = port->serial->port[1]->interrupt_in_urb;
-+	priv->read_urb = serial->port[1]->interrupt_in_urb;
- 	priv->read_urb->context = port;
- 
- 	spin_lock_init(&priv->lock);
--- 
-cgit v1.1
-

Patches/Linux_CVEs-New/CVE-2016-3138/ANY/1.patch

@@ -1,39 +0,0 @@
-From 801c5f937ef7edb23e411bc00d3695496b89dca2 Mon Sep 17 00:00:00 2001
-From: Badhri Jagan Sridharan <Badhri@google.com>
-Date: Tue, 30 Aug 2016 13:39:02 -0700
-Subject: UPSTREAM: USB: cdc-acm: more sanity checking
-
-commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.
-
-An attack has become available which pretends to be a quirky
-device circumventing normal sanity checks and crashes the kernel
-by an insufficient number of interfaces. This patch adds a check
-to the code path for quirky devices.
-
-BUG: 28242610
-
-Signed-off-by: Oliver Neukum <ONeukum@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
-Change-Id: I9a5f7f3c704b65e866335054f470451fcfae9d1c
----
- drivers/usb/class/cdc-acm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index 9b1cbcf..f519d28 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -972,6 +972,9 @@ static int acm_probe(struct usb_interface *intf,
- 	if (quirks == NO_UNION_NORMAL) {
- 		data_interface = usb_ifnum_to_if(usb_dev, 1);
- 		control_interface = usb_ifnum_to_if(usb_dev, 0);
-+		/* we would crash */
-+		if (!data_interface || !control_interface)
-+			return -ENODEV;
- 		goto skip_normal_probe;
- 	}
- 
--- 
-cgit v1.1
-

Patches/Linux_CVEs-New/CVE-2016-3140/ANY/1.patch

@@ -1,57 +0,0 @@
-From 129e6372f40a423bcded0a6dae547205edf652fb Mon Sep 17 00:00:00 2001
-From: Oliver Neukum <oneukum@suse.com>
-Date: Thu, 31 Mar 2016 12:04:26 -0400
-Subject: USB: digi_acceleport: do sanity checking for the number of ports
-
-commit 5a07975ad0a36708c6b0a5b9fea1ff811d0b0c1f upstream.
-
-The driver can be crashed with devices that expose crafted descriptors
-with too few endpoints.
-
-See: http://seclists.org/bugtraq/2016/Mar/61
-
-Signed-off-by: Oliver Neukum <ONeukum@suse.com>
-[johan: fix OOB endpoint check and add error messages ]
-Cc: stable <stable@vger.kernel.org>
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Signed-off-by: Willy Tarreau <w@1wt.eu>
----
- drivers/usb/serial/digi_acceleport.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/drivers/usb/serial/digi_acceleport.c b/drivers/usb/serial/digi_acceleport.c
-index 7b807d3..8c34d9c 100644
---- a/drivers/usb/serial/digi_acceleport.c
-+++ b/drivers/usb/serial/digi_acceleport.c
-@@ -1253,8 +1253,27 @@ static int digi_port_init(struct usb_serial_port *port, unsigned port_num)
- 
- static int digi_startup(struct usb_serial *serial)
- {
-+	struct device *dev = &serial->interface->dev;
- 	struct digi_serial *serial_priv;
- 	int ret;
-+	int i;
-+
-+	/* check whether the device has the expected number of endpoints */
-+	if (serial->num_port_pointers < serial->type->num_ports + 1) {
-+		dev_err(dev, "OOB endpoints missing\n");
-+		return -ENODEV;
-+	}
-+
-+	for (i = 0; i < serial->type->num_ports + 1 ; i++) {
-+		if (!serial->port[i]->read_urb) {
-+			dev_err(dev, "bulk-in endpoint missing\n");
-+			return -ENODEV;
-+		}
-+		if (!serial->port[i]->write_urb) {
-+			dev_err(dev, "bulk-out endpoint missing\n");
-+			return -ENODEV;
-+		}
-+	}
- 
- 	serial_priv = kzalloc(sizeof(*serial_priv), GFP_KERNEL);
- 	if (!serial_priv)
--- 
-cgit v1.1
-

Patches/Linux_CVEs-New/CVE-2016-3689/ANY/1.patch

@@ -1,40 +0,0 @@
-From 7ca573e32c0a6634d679540314a80d235f224bfb Mon Sep 17 00:00:00 2001
-From: Oliver Neukum <oneukum@suse.com>
-Date: Thu, 17 Mar 2016 14:00:17 -0700
-Subject: [PATCH] Input: ims-pcu - sanity check against missing interfaces
-
-[ Upstream commit a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff ]
-
-A malicious device missing interface can make the driver oops.
-Add sanity checking.
-
-Signed-off-by: Oliver Neukum <ONeukum@suse.com>
-CC: stable@vger.kernel.org
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
----
- drivers/input/misc/ims-pcu.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c
-index afed8e2b2f944..41ef29b516f35 100644
---- a/drivers/input/misc/ims-pcu.c
-+++ b/drivers/input/misc/ims-pcu.c
-@@ -1663,6 +1663,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
- 
- 	pcu->ctrl_intf = usb_ifnum_to_if(pcu->udev,
- 					 union_desc->bMasterInterface0);
-+	if (!pcu->ctrl_intf)
-+		return -EINVAL;
- 
- 	alt = pcu->ctrl_intf->cur_altsetting;
- 	pcu->ep_ctrl = &alt->endpoint[0].desc;
-@@ -1670,6 +1672,8 @@ static int ims_pcu_parse_cdc_data(struct usb_interface *intf, struct ims_pcu *pc
- 
- 	pcu->data_intf = usb_ifnum_to_if(pcu->udev,
- 					 union_desc->bSlaveInterface0);
-+	if (!pcu->data_intf)
-+		return -EINVAL;
- 
- 	alt = pcu->data_intf->cur_altsetting;
- 	if (alt->desc.bNumEndpoints != 2) {

Patches/Linux_CVEs-New/CVE-2017-7371/ANY/1.patch

@@ -1,45 +0,0 @@
-From 9d5a0bc7f6318821fddf9fc0ac9a05e58bb00a6b Mon Sep 17 00:00:00 2001
-From: Sungjun Park <sjpark@codeaurora.org>
-Date: Mon, 23 Jan 2017 13:28:44 -0800
-Subject: bluetooth: Fix free data pointer routine
-
-Data pointer has been reused after freed it. So,
-it has been moved to after using the data pointer
-to clean up resource and freed it.
-
-Change-Id: Ibc94e092134ff1f36e896c679ade7f639254a24d
-Signed-off-by: Sungjun Park <sjpark@codeaurora.org>
----
- drivers/bluetooth/btfm_slim.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/bluetooth/btfm_slim.c b/drivers/bluetooth/btfm_slim.c
-index 5fb00b9..1c6e256 100644
---- a/drivers/bluetooth/btfm_slim.c
-+++ b/drivers/bluetooth/btfm_slim.c
-@@ -1,4 +1,4 @@
--/* Copyright (c) 2016, The Linux Foundation. All rights reserved.
-+/* Copyright (c) 2017, The Linux Foundation. All rights reserved.
-  *
-  * This program is free software; you can redistribute it and/or modify
-  * it under the terms of the GNU General Public License version 2 and
-@@ -509,7 +509,6 @@ static int btfm_slim_remove(struct slim_device *slim)
- 	BTFMSLIM_DBG("");
- 	mutex_destroy(&btfm_slim->io_lock);
- 	mutex_destroy(&btfm_slim->xfer_lock);
--	kfree(btfm_slim);
- 	snd_soc_unregister_codec(&slim->dev);
- 
- 	BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_ifd");
-@@ -517,6 +516,8 @@ static int btfm_slim_remove(struct slim_device *slim)
- 
- 	BTFMSLIM_DBG("slim_remove_device() - btfm_slim->slim_pgd");
- 	slim_remove_device(slim);
-+
-+	kfree(btfm_slim);
- 	return 0;
- }
- 
--- 
-cgit v1.1
-

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_amazon_hdx-common.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#Tested working 2017/10/30????
 cd $base"kernel/amazon/hdx-common"
 git apply $cvePatches/CVE-2012-6704/ANY/0.patch
 git apply $cvePatches/CVE-2014-1739/ANY/0.patch

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_asus_msm8916.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+cd $base"kernel/asus/msm8916"
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-8394/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_fairphone_msm8974.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+cd $base"kernel/fairphone/msm8974"
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2017-0430/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_marlin.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+cd $base"kernel/google/marlin"
+git apply $cvePatches/CVE-2014-9900/ANY/0.patch
+git apply $cvePatches/CVE-2015-2041/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-8966/ANY/0.patch
+git apply $cvePatches/CVE-2016-10044/ANY/2.patch
+git apply $cvePatches/CVE-2016-10153/ANY/0.patch
+git apply $cvePatches/CVE-2016-10231/ANY/1.patch
+git apply $cvePatches/CVE-2016-2187/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-2549/ANY/0.patch
+git apply $cvePatches/CVE-2016-2847/ANY/0.patch
+git apply $cvePatches/CVE-2016-3136/ANY/0.patch
+git apply $cvePatches/CVE-2016-3140/ANY/0.patch
+git apply $cvePatches/CVE-2016-3156/ANY/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/1.patch
+git apply $cvePatches/CVE-2016-3906/ANY/0.patch
+git apply $cvePatches/CVE-2016-5342/ANY/0.patch
+git apply $cvePatches/CVE-2016-5345/ANY/0.patch
+git apply $cvePatches/CVE-2016-5854/ANY/0.patch
+git apply $cvePatches/CVE-2016-5856/ANY/0.patch
+git apply $cvePatches/CVE-2016-5857/ANY/0.patch
+git apply $cvePatches/CVE-2016-5867/ANY/0.patch
+git apply $cvePatches/CVE-2016-5870/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-7042/ANY/0.patch
+git apply $cvePatches/CVE-2016-8418/ANY/0.patch
+git apply $cvePatches/CVE-2016-8483/3.18/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0510/3.18/1.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-0622/ANY/0.patch
+git apply $cvePatches/CVE-2017-0627/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-1000365/3.18/1.patch
+git apply $cvePatches/CVE-2017-10998/3.18/1.patch
+git apply $cvePatches/CVE-2017-11001/ANY/0.patch
+git apply $cvePatches/CVE-2017-11002/ANY/0.patch
+git apply $cvePatches/CVE-2017-12146/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/1.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7371/ANY/0.patch
+git apply $cvePatches/CVE-2017-7372/ANY/0.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-7616/ANY/0.patch
+git apply $cvePatches/CVE-2017-7618/ANY/0.patch
+git apply $cvePatches/CVE-2017-8247/ANY/0.patch
+git apply $cvePatches/CVE-2017-8280/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+git apply $cvePatches/CVE-2017-9676/ANY/0.patch
+git apply $cvePatches/CVE-2017-9686/3.18/0.patch
+git apply $cvePatches/CVE-2017-9687/3.18/0.patch
+git apply $cvePatches/CVE-2017-9697/3.18/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_google_msm.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+cd $base"kernel/google/msm"
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-1593/ANY/0.patch
+git apply $cvePatches/CVE-2016-3859/ANY/0.patch
+git apply $cvePatches/CVE-2016-8402/3.4/1.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0751/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_htc_flounder.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+cd $base"kernel/htc/flounder"
+git apply $cvePatches/CVE-2014-9892/ANY/0.patch
+git apply $cvePatches/CVE-2014-9900/ANY/0.patch
+git apply $cvePatches/CVE-2015-4177/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-8944/ANY/0.patch
+git apply $cvePatches/CVE-2016-0819/ANY/0.patch
+git apply $cvePatches/CVE-2016-8453/ANY/0.patch
+git apply $cvePatches/CVE-2016-8464/3.10/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0449/ANY/0.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0794/3.10/0.patch
+git apply $cvePatches/CVE-2017-10996/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/1.patch
+git apply $cvePatches/CVE-2017-5970/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_bullhead.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+cd $base"kernel/lge/bullhead"
+git apply $cvePatches/CVE-2014-8160/ANY/0.patch
+git apply $cvePatches/CVE-2014-8173/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-2041/ANY/0.patch
+git apply $cvePatches/CVE-2015-4177/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7550/ANY/0.patch
+git apply $cvePatches/CVE-2016-0805/ANY/0.patch
+git apply $cvePatches/CVE-2016-10231/ANY/1.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-2063/ANY/0.patch
+git apply $cvePatches/CVE-2016-2185/ANY/0.patch
+git apply $cvePatches/CVE-2016-2186/ANY/0.patch
+git apply $cvePatches/CVE-2016-2187/ANY/0.patch
+git apply $cvePatches/CVE-2016-2384/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-2545/ANY/0.patch
+git apply $cvePatches/CVE-2016-2547/ANY/0.patch
+git apply $cvePatches/CVE-2016-2549/ANY/0.patch
+git apply $cvePatches/CVE-2016-3070/ANY/0.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3136/ANY/0.patch
+git apply $cvePatches/CVE-2016-3140/ANY/0.patch
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2016-3689/ANY/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-5345/ANY/0.patch
+git apply $cvePatches/CVE-2016-5859/ANY/0.patch
+git apply $cvePatches/CVE-2016-5867/ANY/0.patch
+git apply $cvePatches/CVE-2016-5870/ANY/0.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0436/ANY/0.patch
+git apply $cvePatches/CVE-2017-0510/3.10/0.patch
+git apply $cvePatches/CVE-2017-0516/ANY/0.patch
+git apply $cvePatches/CVE-2017-0523/ANY/0.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2618/3.10/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/1.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_hammerhead.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+cd $base"kernel/lge/hammerhead"
+git apply $cvePatches/CVE-2014-9881/ANY/0.patch
+git apply $cvePatches/CVE-2015-1593/ANY/0.patch
+git apply $cvePatches/CVE-2016-5829/ANY/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0611/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0751/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5970/ANY/0.patch
+git apply $cvePatches/CVE-2017-6074/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8247/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_moto_shamu.sh

@@ -0,0 +1,53 @@
+#!/bin/bash
+cd $base"kernel/moto/shamu"
+git apply $cvePatches/CVE-2014-8160/ANY/0.patch
+git apply $cvePatches/CVE-2014-8173/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9683/ANY/0.patch
+git apply $cvePatches/CVE-2014-9715/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-1593/ANY/0.patch
+git apply $cvePatches/CVE-2015-2041/ANY/0.patch
+git apply $cvePatches/CVE-2015-4177/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-7550/ANY/0.patch
+git apply $cvePatches/CVE-2015-8967/ANY/0.patch
+git apply $cvePatches/CVE-2016-0758/ANY/0.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-2185/ANY/0.patch
+git apply $cvePatches/CVE-2016-2186/ANY/0.patch
+git apply $cvePatches/CVE-2016-2187/ANY/0.patch
+git apply $cvePatches/CVE-2016-2384/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-2545/ANY/0.patch
+git apply $cvePatches/CVE-2016-2547/ANY/0.patch
+git apply $cvePatches/CVE-2016-2549/ANY/0.patch
+git apply $cvePatches/CVE-2016-3070/ANY/0.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3136/ANY/0.patch
+git apply $cvePatches/CVE-2016-3138/ANY/0.patch
+git apply $cvePatches/CVE-2016-3140/ANY/0.patch
+git apply $cvePatches/CVE-2016-3689/ANY/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/1.patch
+git apply $cvePatches/CVE-2016-5342/ANY/0.patch
+git apply $cvePatches/CVE-2016-5870/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2016-8404/ANY/0.patch
+git apply $cvePatches/CVE-2016-8464/3.10/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0537/ANY/0.patch
+git apply $cvePatches/CVE-2017-0627/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-2618/3.10/0.patch
+git apply $cvePatches/CVE-2017-2671/ANY/0.patch
+git apply $cvePatches/CVE-2017-5669/ANY/1.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-6951/ANY/0.patch
+git apply $cvePatches/CVE-2017-7472/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+git apply $cvePatches/CVE-2017-8269/ANY/0.patch
+git apply $cvePatches/CVE-2017-9242/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8916.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+cd $base"kernel/motorola/msm8916"
+git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2015-1593/ANY/0.patch
+git apply $cvePatches/CVE-2015-7515/ANY/0.patch
+git apply $cvePatches/CVE-2015-8967/ANY/0.patch
+git apply $cvePatches/CVE-2016-10231/ANY/1.patch
+git apply $cvePatches/CVE-2016-10233/3.10/1.patch
+git apply $cvePatches/CVE-2016-3134/3.10/0.patch
+git apply $cvePatches/CVE-2016-3672/ANY/0.patch
+git apply $cvePatches/CVE-2016-3857/3.10/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/0.patch
+git apply $cvePatches/CVE-2016-3865/ANY/1.patch
+git apply $cvePatches/CVE-2016-3902/ANY/0.patch
+git apply $cvePatches/CVE-2016-5859/ANY/0.patch
+git apply $cvePatches/CVE-2016-5867/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2017-0457/3.10/0.patch
+git apply $cvePatches/CVE-2017-0457/3.10/1.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+git apply $cvePatches/CVE-2017-0794/3.10/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_nextbit_msm8992.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+cd $base"kernel/nextbit/msm8992"
+git apply $cvePatches/CVE-2014-9904/ANY/0.patch
+git apply $cvePatches/CVE-2016-6672/ANY/0.patch
+git apply $cvePatches/CVE-2017-0750/ANY/0.patch
+cd $base

Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_samsung_smdk4412.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+cd $base"kernel/samsung/smdk4412"
+git apply $cvePatches/CVE-2014-1739/ANY/0.patch
+git apply $cvePatches/CVE-2014-4656/ANY/0.patch
+git apply $cvePatches/CVE-2014-9420/ANY/0.patch
+git apply $cvePatches/CVE-2014-9781/ANY/0.patch
+git apply $cvePatches/CVE-2014-9870/ANY/0.patch
+git apply $cvePatches/CVE-2014-9900/ANY/0.patch
+git apply $cvePatches/CVE-2015-8944/ANY/0.patch
+git apply $cvePatches/CVE-2016-0819/ANY/0.patch
+git apply $cvePatches/CVE-2016-2185/ANY/0.patch
+git apply $cvePatches/CVE-2016-2186/ANY/0.patch
+git apply $cvePatches/CVE-2016-2544/ANY/0.patch
+git apply $cvePatches/CVE-2016-6753/ANY/0.patch
+git apply $cvePatches/CVE-2016-9604/ANY/0.patch
+git apply $cvePatches/CVE-2017-0403/ANY/0.patch
+git apply $cvePatches/CVE-2017-0404/ANY/0.patch
+git apply $cvePatches/CVE-2017-0430/ANY/0.patch
+git apply $cvePatches/CVE-2017-0786/ANY/0.patch
+git apply $cvePatches/CVE-2017-10662/ANY/0.patch
+git apply $cvePatches/CVE-2017-15265/ANY/0.patch
+git apply $cvePatches/CVE-2017-6074/ANY/0.patch
+git apply $cvePatches/CVE-2017-6348/ANY/0.patch
+git apply $cvePatches/CVE-2017-7487/ANY/0.patch
+cd $base