diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml index 7cbf87eb..46255123 100644 --- a/Manifests/Manifest_LAOS-15.1.xml +++ b/Manifests/Manifest_LAOS-15.1.xml @@ -88,6 +88,7 @@ + @@ -142,6 +143,10 @@ + + + + diff --git a/Patches/Linux b/Patches/Linux index 3df11056..15d06644 160000 --- a/Patches/Linux +++ b/Patches/Linux @@ -1 +1 @@ -Subproject commit 3df110564933e4485c77420247c4f7a218a60c47 +Subproject commit 15d066443badcf400bc2b46e12958d89305c8bc3 diff --git a/Scripts/Common/Deblob.sh b/Scripts/Common/Deblob.sh index 7c69721e..4ae8d1df 100755 --- a/Scripts/Common/Deblob.sh +++ b/Scripts/Common/Deblob.sh @@ -45,7 +45,7 @@ echo "Deblobbing..." blobs=$blobs"alipay.b00|alipay.b01|alipay.b02|alipay.b03|alipay.b04|alipay.b05|alipay.b06|alipay.mdt"; #aptX (Bluetooth Audio Compression Codec) [Qualcomm] - blobs=$blobs"|libaptX-1.0.0-rel-Android21-ARMv7A.so|libaptXHD-1.0.0-rel-Android21-ARMv7A.so|libaptXScheduler.so"; + blobs=$blobs"|libaptX_encoder.so|libaptXHD_encoder.so|libaptX-1.0.0-rel-Android21-ARMv7A.so|libaptXHD-1.0.0-rel-Android21-ARMv7A.so|libaptXScheduler.so"; #ATFWD [Qualcomm] blobs=$blobs"|ATFWD-daemon|atfwd.apk"; 
@@ -191,7 +191,7 @@ echo "Deblobbing..." blobs=$blobs"|com.qualcomm.location.vzw_library.jar|com.qualcomm.location.vzw_library.xml|com.verizon.apn.xml|com.verizon.embms.xml|com.verizon.hardware.telephony.ehrpd.jar|com.verizon.hardware.telephony.ehrpd.xml|com.verizon.hardware.telephony.lte.jar|com.verizon.hardware.telephony.lte.xml|com.verizon.ims.jar|com.verizon.ims.xml|com.verizon.provider.xml|com.vzw.vzwapnlib.xml|qti-vzw-ims-internal.jar|qti-vzw-ims-internal.xml|VerizonUnifiedSettings.jar|VZWAPNLib.apk|VZWAPNService.apk|VZWAVS.apk|VzwLcSilent.apk|vzw_msdc_api.apk|VzwOmaTrigger.apk|vzw_sso_permissions.xml"; #Voice Recognition - blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollmentRT5677.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so"; + blobs=$blobs"|aonvr1.bin|aonvr2.bin|audiomonitor|es305_fw.bin|HotwordEnrollment.apk|HotwordEnrollment*.apk|libadpcmdec.so|liblistenhardware.so|liblistenjni.so|liblisten.so|liblistensoundmodel.so|libqvop-service.so|librecoglib.so|libsmwrapper.so|libsupermodel.so|libtrainingcheck.so|qvop-daemon|sound_trigger.primary.msm8916.so|sound_trigger.primary.msm8996.so"; #Vulkan [Qualcomm] #blobs=$blobs"|libllvm-qgl.so|vulkan.msm*.so"; diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh index 93bf0b1b..a7250934 100644 --- a/Scripts/Common/Functions.sh +++ b/Scripts/Common/Functions.sh 
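Review bot: In the Voice Recognition list, the new entry `HotwordEnrollment*.apk` is written like a shell glob, but the `|`-separated entries look like alternatives of a regular expression. How `$blobs` is consumed is outside this hunk. If it is matched as a regex, `*` repeats the preceding `t` and `.` matches one character, so the entry no longer matches `HotwordEnrollmentRT5677.apk`, which this change removes from the list, and that blob would stay in the build. In that case the entry should read `HotwordEnrollment.*\.apk`, which also makes the plain `HotwordEnrollment.apk` before it redundant.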
@@ -47,6 +47,28 @@ gitReset() { } export -f gitReset; +scanForMalware() { + if [ -x /usr/bin/clamscan ] && [ -f /var/lib/clamav/main.cvd ]; then + echo -e "\e[0;32mStarting a malware scan, this might take a while...\e[0m"; + scanQueue="$base/build $base/device $base/vendor"; + #scanQueue=$scanQueue" $base/prebuilts $base/sdk $base/toolchain $base/tools"; + du -hsc $scanQueue; + /usr/bin/clamscan --recursive --detect-pua --infected --exclude-dir=".git" $scanQueue; + clamscanExit=$?; + if [ "$clamscanExit" -eq "1" ]; then + echo -e "\e[0;31m----------------------------------------------------------------\e[0m"; + echo -e "\e[0;31mWARNING: MALWARE WAS FOUND! PLEASE INVESTIGATE!\e[0m"; + echo -e "\e[0;31m----------------------------------------------------------------\e[0m"; + fi; + if [ "$clamscanExit" -eq "0" ]; then + echo -e "\e[0;32mNo malware found\e[0m"; + fi; + else + echo -e "\e[0;33mWARNING: clamscan is unavailable, a malware scan will not be performed!\e[0m"; + fi; +} +export -f scanForMalware; + disableDexPreOpt() { cd $base$1; if [ -f BoardConfig.mk ]; then diff --git a/Scripts/LineageOS-14.1/00init.sh b/Scripts/LineageOS-14.1/00init.sh index 4c113c8f..0c9ab497 100644 --- a/Scripts/LineageOS-14.1/00init.sh +++ b/Scripts/LineageOS-14.1/00init.sh @@ -45,6 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches +export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching + source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh"; diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh index 846fd4a2..43dd710e 100644 --- a/Scripts/LineageOS-14.1/Functions.sh +++ b/Scripts/LineageOS-14.1/Functions.sh 
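Review bot: `scanForMalware` reports only clamscan exit statuses 0 and 1; any other status (clamscan uses 2 when errors occurred) prints nothing, so a scan that did not complete is silent and patching continues. The function also never returns the status, so the callers added to `patchWorkspace` in the LineageOS-14.1 and LineageOS-15.1 `Functions.sh` hunks go on to patch a tree in which detections were just reported. I would fold the two `if` tests into a `case` with a catch-all error branch and `return "$clamscanExit"`, then let the callers stop on a non-zero result. Separately, the `-f /var/lib/clamav/main.cvd` test skips the scan on hosts where the database is stored as `main.cld`, and `scanQueue` and `clamscanExit` are set without `local`, so they leak into the calling shell.

```shell
		clamscanExit=$?;
		case "$clamscanExit" in
			0) echo -e "\e[0;32mNo malware found\e[0m" ;;
			1) # … unchanged: the three red "MALWARE WAS FOUND" banner lines …
				;;
			*) echo -e "\e[0;31mERROR: clamscan exited with status $clamscanExit, the scan is incomplete!\e[0m" ;;
		esac;
		return "$clamscanExit";
```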
@@ -41,18 +41,18 @@ export -f buildDeviceDebug; buildAll() { #Select devices are userdebug due to SELinux policy issues -#TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte - brunch lineage_thor-userdebug; +#TODO: Add victara, athene, us997, us996, pme, t0lte, hlte + brunch lineage_thor-userdebug; #deprecated brunch lineage_clark-user; brunch lineage_ether-user; brunch lineage_FP2-user; -# brunch lineage_h815-user; - (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes +# brunch lineage_h815-user; #deprecated (UPSTREAM) drivers/input/touchscreen/DS5/RefCode_CustomerImplementation.c:147:1: warning: the frame size of 2064 bytes is larger than 2048 bytes brunch lineage_h850-userdebug; brunch lineage_hammerhead-user; brunch lineage_herolte-user; - brunch lineage_himaul-user; + brunch lineage_himaul-user; #deprecated brunch lineage_i9100-userdebug; - brunch lineage_i9305-user; + brunch lineage_i9305-user; #deprecated? brunch lineage_jfltexx-user; brunch lineage_klte-user; brunch lineage_n5110-user; @@ -62,6 +62,8 @@ buildAll() { export -f buildAll; patchWorkspace() { + if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi; + #source build/envsetup.sh; source $scripts/Patch.sh; diff --git a/Scripts/LineageOS-15.1/00init.sh b/Scripts/LineageOS-15.1/00init.sh index e5b9d3ae..55751f38 100644 --- a/Scripts/LineageOS-15.1/00init.sh +++ b/Scripts/LineageOS-15.1/00init.sh @@ -45,6 +45,8 @@ export GRADLE_OPTS="-Xmx2048m"; export NON_COMMERCIAL_USE_PATCHES=false; #Switch to false to prevent inclusion of non-commercial use patches +export MALWARE_SCAN_ON_PATCH=false; #Switch to true to perform a malware scan of certain directories before patching + source $scriptsCommon"/Functions.sh"; source $scripts"/Functions.sh"; 
diff --git a/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_motorola_msm8996.sh b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
new file mode 100644
index 00000000..a3b1ed8e
--- /dev/null
+++ b/Scripts/LineageOS-15.1/CVE_Patchers/android_kernel_motorola_msm8996.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+cd $base"kernel/motorola/msm8996"
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0019.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0020.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0021.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0022.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0023.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0025.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0026.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0027.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0028.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0029.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0030.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0031.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0032.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0033.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0034.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0035.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0036.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0037.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0040.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0041.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0042.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0043.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0045.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0046.patch
+git apply $cvePatchesLinux/0007-Copperhead-Kernel_Hardening/3.18/0050.patch
+git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0011.patch
+git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0012.patch
+git apply $cvePatchesLinux/0010-Accelerated_AES/3.10+/0013.patch
+git apply $cvePatchesLinux/CVE-2014-9900/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2015-2041/^3.19/0002.patch
+git apply $cvePatchesLinux/CVE-2015-7515/^4.4/0002.patch
+git apply $cvePatchesLinux/CVE-2016-2188/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-2188/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2016-2549/^4.4/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3136/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3137/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3138/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3140/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3672/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-3857/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6696/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-8394/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0003.patch
+git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0007.patch
+git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0008.patch
+git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0009.patch
+git apply $cvePatchesLinux/CVE-2016-GadgetFS/ANY/0010.patch
+git apply $cvePatchesLinux/CVE-2017-0610/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-1000410/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-13215/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-13218/3.18/0009.patch
+git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-15115/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-15649/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2017-15842/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-15843/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16525/^4.13/0002.patch
+git apply $cvePatchesLinux/CVE-2017-16526/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16530/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16531/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16532/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16533/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16535/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16537/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
+git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16646/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0003.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
+git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0009.patch
+git apply $cvePatchesLinux/CVE-2017-17449/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-17558/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-17762/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-18066/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-5669/^4.9/0001.patch
+git apply $cvePatchesLinux/CVE-2017-5972/ANY/0002.patch
+git apply $cvePatchesLinux/CVE-2017-6001/^4.9/0002.patch
+git apply $cvePatchesLinux/CVE-2017-6348/^4.9/0001.patch
+git apply $cvePatchesLinux/CVE-2017-8251/3.18/0002.patch
+git apply $cvePatchesLinux/CVE-2018-3560/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2018-3563/3.18/0002.patch
+git apply $cvePatchesLinux/CVE-2018-3599/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2018-5825/3.18/0002.patch
+git apply $cvePatchesLinux/CVE-2018-5848/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2018-5849/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2016-6693/ANY/0001.patch
+git apply
$cvePatchesLinux/CVE-2016-6696/ANY/0001.patch +git apply $cvePatchesLinux/CVE-2017-0610/ANY/0001.patch +git apply $cvePatchesLinux/CVE-2017-0750/ANY/0001.patch +git apply $cvePatchesLinux/CVE-2017-14883/ANY/0001.patch +editKernelLocalversion "-dos.p97" +cd $base diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index cc83ee2a..d1b3b026 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -18,7 +18,7 @@ #Last verified: 2018-04-27 patchAllKernels() { - startPatcher "kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8992 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974"; + startPatcher "kernel_fairphone_msm8974 kernel_google_marlin kernel_google_msm kernel_htc_flounder kernel_htc_msm8974 kernel_huawei_angler kernel_lge_bullhead kernel_lge_g3 kernel_lge_hammerhead kernel_lge_mako kernel_lge_msm8974 kernel_lge_msm8996 kernel_moto_shamu kernel_motorola_msm8992 kernel_motorola_msm8996 kernel_nextbit_msm8992 kernel_oppo_msm8974 kernel_samsung_msm8974"; } export -f patchAllKernels; @@ -41,7 +41,6 @@ export -f buildDeviceDebug; buildAll() { #Select devices are userdebug due to SELinux policy issues -#TODO: Add victara, griffin, athene, us997, us996, pme, t0lte, hlte brunch lineage_d852-user; brunch lineage_bacon-user; brunch lineage_mako-user; @@ -52,6 +51,7 @@ buildAll() { brunch lineage_d855-user; brunch lineage_flo-user; brunch lineage_flounder-user; + brunch lineage_griffin-user; #brunch lineage_h850-userdebug; #brunch lineage_hammerhead-user; brunch lineage_marlin-user; 
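Review bot: None of the `git apply` calls in the new `android_kernel_motorola_msm8996.sh`, nor the opening `cd $base"kernel/motorola/msm8996"`, has its result checked. A patch that fails to apply therefore leaves the kernel without that fix, while `editKernelLocalversion "-dos.p97"` still labels the build as fully patched. Four entries are listed twice: `CVE-2016-6693/ANY/0001`, `CVE-2016-6696/ANY/0001`, `CVE-2017-0750/ANY/0001` and `CVE-2017-14883/ANY/0001` appear again at the end of the list. A second apply of the same patch would normally be rejected as already applied, and the count in the suffix appears to include them. If this file is generated, the generator is the place to de-duplicate; either way I would guard the directory change (`cd "$base"kernel/motorola/msm8996 || exit 1`) and log or count failed applies so the suffix reflects what actually went in.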
@@ -62,6 +62,8 @@ buildAll() { export -f buildAll; patchWorkspace() { + if [ "$MALWARE_SCAN_ON_PATCH" = true ]; then scanForMalware; fi; + source build/envsetup.sh; repopick -f 206123; #bionic: Sort and cache hosts file data for fast lookup repopick -f 209030; #ContactsProvider: Prevent device contact being deleted.