diff --git a/Manifests/Manifest_LAOS-14.1.xml b/Manifests/Manifest_LAOS-14.1.xml
index 0fc3403c..e5dda862 100644
--- a/Manifests/Manifest_LAOS-14.1.xml
+++ b/Manifests/Manifest_LAOS-14.1.xml
@@ -23,6 +23,7 @@
 	<remove-project name="LineageOS/android_packages_apps_LockClock" />
 	<remove-project name="LineageOS/android_packages_apps_ManagedProvisioning" />
 	<remove-project name="LineageOS/android_packages_apps_OpenWeatherMapProvider" />
+	<remove-project name="LineageOS/android_packages_apps_Snap" />
 	<remove-project name="LineageOS/android_packages_apps_Stk" />
 	<remove-project name="LineageOS/android_packages_apps_Terminal" />
 	<remove-project name="LineageOS/android_packages_apps_TV" />
diff --git a/Misc/Spectre.txt b/Misc/Spectre.txt
new file mode 100644
index 00000000..fa70360f
--- /dev/null
+++ b/Misc/Spectre.txt
@@ -0,0 +1,11 @@
+0001-BACKPORT-arm64-Add-CNTVCT_EL0-trap-handler.patch
+BACKPORT: arm64: Add CNTVCT_EL0 trap handler
+
+0002-BACKPORT-arm64-Add-CNTFRQ_EL0-trap-handler.patch
+BACKPORT: arm64: Add CNTFRQ_EL0 trap handler
+
+0003-arm64-issue-isb-when-trapping-CNTVCT_EL0-access.patch
+arm64: issue isb when trapping CNTVCT_EL0 access
+
+0004-clocksource-arch_timer-make-virtual-counter-access-c.patch
+clocksource: arch_timer: make virtual counter access-c
diff --git a/Patches/Linux b/Patches/Linux
index a815f2aa..dc61bc48 160000
--- a/Patches/Linux
+++ b/Patches/Linux
@@ -1 +1 @@
-Subproject commit a815f2aa1c5f0d18981412b01feb21957c737867
+Subproject commit dc61bc4827bcaf29c0f06397585b11a94814e5e4
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
index 4ea12b20..6f556cae 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_lge_msm8992.sh
@@ -104,6 +104,7 @@ git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
diff --git a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
index 865b460f..c314529b 100644
--- a/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
+++ b/Scripts/LineageOS-14.1/CVE_Patchers/android_kernel_motorola_msm8992.sh
@@ -121,6 +121,7 @@ git apply $cvePatchesLinux/CVE-2017-16538/^4.13/0002.patch
 git apply $cvePatchesLinux/CVE-2017-16643/3.5+/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16645/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16650/ANY/0001.patch
+git apply $cvePatchesLinux/CVE-2017-16939/3.10/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0001.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0005.patch
 git apply $cvePatchesLinux/CVE-2017-16USB/ANY/0006.patch
diff --git a/Scripts/LineageOS-14.1/Functions.sh b/Scripts/LineageOS-14.1/Functions.sh
index 25ef942b..edebb424 100644
--- a/Scripts/LineageOS-14.1/Functions.sh
+++ b/Scripts/LineageOS-14.1/Functions.sh
@@ -119,7 +119,7 @@ hardenDefconfig() {
 
 	#Enable supported options
 	#Disabled: CONFIG_DEBUG_SG (bootloops - https://patchwork.kernel.org/patch/8989981)
-	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_BUG" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGINS" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP_FILTER" "CONFIG_SECCOMP" "CONFIG_SECURITY" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT")
+	declare -a optionsYes=("CONFIG_ARM64_SW_TTBR0_PAN" "CONFIG_BUG_ON_DATA_CORRUPTION" "CONFIG_BUG" "CONFIG_CC_STACKPROTECTOR_STRONG" "CONFIG_CC_STACKPROTECTOR" "CONFIG_CPU_SW_DOMAIN_PAN" "CONFIG_DEBUG_CREDENTIALS" "CONFIG_DEBUG_KERNEL" "CONFIG_DEBUG_LIST" "CONFIG_DEBUG_NOTIFIERS" "CONFIG_DEBUG_RODATA" "CONFIG_DEBUG_WX" "CONFIG_FORTIFY_SOURCE" "CONFIG_GCC_PLUGIN_LATENT_ENTROPY" "CONFIG_GCC_PLUGIN_RANDSTRUCT" "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL" "CONFIG_GCC_PLUGIN_STRUCTLEAK" "CONFIG_GCC_PLUGINS" "CONFIG_HARDENED_USERCOPY" "CONFIG_IO_STRICT_DEVMEM" "CONFIG_LEGACY_VSYSCALL_NONE" "CONFIG_PAGE_POISONING_NO_SANITY" "CONFIG_PAGE_POISONING" "CONFIG_PAGE_POISONING_ZERO" "CONFIG_PANIC_ON_OOPS" "CONFIG_RANDOMIZE_BASE" "CONFIG_REFCOUNT_FULL" "CONFIG_SCHED_STACK_END_CHECK" "CONFIG_SECCOMP_FILTER" "CONFIG_SECCOMP" "CONFIG_SECURITY" "CONFIG_SECURITY_YAMA" "CONFIG_SECURITY_YAMA_STACKED" "CONFIG_SLAB_FREELIST_RANDOM" "CONFIG_SLAB_HARDENED" "CONFIG_SLUB_DEBUG" "CONFIG_STRICT_DEVMEM" "CONFIG_STRICT_KERNEL_RWX" "CONFIG_STRICT_MEMORY_RWX" "CONFIG_SYN_COOKIES" "CONFIG_VMAP_STACK" "CONFIG_SECURITY_PERF_EVENTS_RESTRICT" "CONFIG_PAGE_TABLE_ISOLATION" "CONFIG_UNMAP_KERNEL_AT_EL0" "CONFIG_KAISER")
 	for option in "${optionsYes[@]}"
 	do
 		sed -i 's/# '$option' is not set/'$option'=y/' $defconfigPath &>/dev/null || true;