#fixed in 4.1.37
patch CVE-2016-7039-net-add-recursion-limit-to-GRO.patch
patch CVE-2016-8399-net-ping-check-minimum-size-on-ICMP-header-length.patch
patch CVE-2016-8655-packet-fix-race-condition-in-packet_set_ring.patch

#fixed in 4.1.40
patch CVE-2016-10229-udp-properly-support-MSG_PEEK-with-truncated-buffers.patch
patch CVE-2017-7618-crypto-ahash-Fix-EINPROGRESS-notification-callback.patch
patch CVE-2017-7895-nfsd-stricter-decoding-of-write-like-NFSv2-v3-ops.patch

#fixed in 4.1.41
patch CVE-2017-10661-timerfd-Protect-the-might-cancel-mechanism-proper.patch
patch CVE-2017-18221-mlock-fix-mlock-count-can-not-decrease-in-race-condi.patch
patch CVE-2017-7308-net-packet-fix-overflow-in-check-for-priv-area-size.patch

#fixed in 4.1.42
patch CVE-2017-9074-ipv6-Prevent-overrun-when-parsing-v6-header-options.patch

#fixed in 4.1.43
patch CVE-2017-18017-netfilter-xt_TCPMSS-add-more-sanity-tests-on-tcph-do.patch

#fixed in 4.1.44
patch CVE-2017-1000111-packet-fix-tp_reserve-race-in-packet_set_ring.patch

#fixed in 4.1.45
patch CVE-2018-10675-mm-mempolicy-fix-use-after-free-when-calling-get_mem.patch

#fixed in 4.1.49
patch CVE-2017-17805-crypto-salsa20-fix-blkcipher_walk-API-usage.patch
patch CVE-2017-17806-crypto-hmac-require-that-the-underlying-hash-algorit.patch
patch CVE-2017-6346-packet-fix-races-in-fanout_add.patch
patch CVE-2017-7184-xfrm_user-validate-XFRM_MSG_NEWAE-incoming-ESN-size-.patch