diff --git a/Manifests/Manifest_LAOS-17.1.xml b/Manifests/Manifest_LAOS-17.1.xml
index 51c2cade..f3485fc8 100644
--- a/Manifests/Manifest_LAOS-17.1.xml
+++ b/Manifests/Manifest_LAOS-17.1.xml
@@ -75,7 +75,7 @@
-
+
diff --git a/Patches/LineageOS-14.1/android_system_core/0001-Harden.patch b/Patches/LineageOS-14.1/android_system_core/0001-Harden.patch
index fb911f0d..620be786 100644
--- a/Patches/LineageOS-14.1/android_system_core/0001-Harden.patch
+++ b/Patches/LineageOS-14.1/android_system_core/0001-Harden.patch
@@ -27,22 +27,24 @@ index 7a370596e..35bf44a7b 100755
}
// We must have some place other than / to create the device nodes for
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 498203c83..4875ff54b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
-@@ -126,6 +126,14 @@ on init
+@@ -126,7 +126,18 @@ on init
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
++ write /proc/sys/kernel/dmesg_restrict 1
+ write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/all/max_addresses 128
++ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
-+ write /proc/sys/kernel/dmesg_restrict 1
++ write /proc/sys/net/ipv6/conf/default/max_addresses 128
++ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/kptr_restrict 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
diff --git a/Patches/LineageOS-15.1/android_system_core/0001-Harden.patch b/Patches/LineageOS-15.1/android_system_core/0001-Harden.patch
index 4cd19ce5..91461300 100644
--- a/Patches/LineageOS-15.1/android_system_core/0001-Harden.patch
+++ b/Patches/LineageOS-15.1/android_system_core/0001-Harden.patch
@@ -31,23 +31,24 @@ index 35fc442d0..b65686f93 100644
mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index f9cb4a3ef..c3cea4eb6 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
-@@ -124,6 +124,15 @@ on init
+@@ -124,6 +124,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1
-+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/all/max_addresses 128
++ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/default/max_addresses 128
++ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
diff --git a/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch b/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch
index 8c241a8e..756015c6 100644
--- a/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch
+++ b/Patches/LineageOS-16.0/android_system_core/0001-Harden.patch
@@ -31,23 +31,24 @@ index eb9dd755b..504a6d13e 100644
mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 4a8a60a96..acd1d06d1 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
-@@ -121,6 +121,15 @@ on init
+@@ -121,6 +121,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1
-+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/all/max_addresses 128
++ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/default/max_addresses 128
++ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
diff --git a/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch b/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch
index f699db50..5904dd15 100644
--- a/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch
+++ b/Patches/LineageOS-17.1/android_system_core/0001-Harden.patch
@@ -32,23 +32,24 @@ index 2b899408a..84c2735c2 100644
CHECKCALL(mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL));
CHECKCALL(mknod("/dev/kmsg", S_IFCHR | 0600, makedev(1, 11)));
-diff --git a/rootdir/init.rc b/rootdir/init.rc
-index 58a83e091..a28db476b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
-@@ -140,6 +140,15 @@ on init
+@@ -140,6 +140,18 @@ on init
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_child_runs_first 0
+ write /proc/sys/kernel/dmesg_restrict 1
-+ write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/fs/protected_hardlinks 1
+ write /proc/sys/fs/protected_symlinks 1
+ write /proc/sys/fs/protected_fifos 1
+ write /proc/sys/fs/protected_regular 1
+ write /proc/sys/net/ipv4/tcp_sack 0
+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/all/max_addresses 128
++ write /proc/sys/net/ipv6/conf/all/temp_prefered_lft 21600
+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2
++ write /proc/sys/net/ipv6/conf/default/max_addresses 128
++ write /proc/sys/net/ipv6/conf/default/temp_prefered_lft 21600
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/vm/mmap_min_addr 32768
write /proc/sys/net/ipv4/ping_group_range "0 2147483647"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
index 1b6fed4a..7a41fbdf 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -24,6 +24,7 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6187/^4.6.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-8394/ANY/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-9919/^4.8.12/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0610/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-1000252/^4.13.3/0001.patch
@@ -76,7 +77,6 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10614/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12378/^5.1.5/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-12456/^5.1.5/0001.patch
-git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14038/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14040/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14041/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
@@ -89,10 +89,11 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2264/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2333/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-2341/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-8912/^4.20.11/0001.patch
+git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-8992/^5.5.3/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6693/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-6696/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-0750/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2017-14875/ANY/0001.patch
git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-10622/ANY/0002.patch
-editKernelLocalversion "-dos.p94"
+editKernelLocalversion "-dos.p95"
cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index 0919d4f1..ce60f716 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -79,7 +79,7 @@ buildAll() {
buildDevice cheryl;
buildDevice mata verity;
#SD660
- buildDevice Amber verity; #TimeKeep error
+ buildDevice Amber verity;
}
export -f buildAll;