From d92560402d96c55b096847226d1c3acbfa5b348a Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@docker.com>
Date: Thu, 13 Apr 2017 08:58:33 -0600
Subject: [PATCH] security events: add writeup of CVE-2016-10229

Signed-off-by: Tycho Andersen <tycho@docker.com>
---
 docs/security-events.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/security-events.md b/docs/security-events.md
index 0081eeb52..37cde20fd 100644
--- a/docs/security-events.md
+++ b/docs/security-events.md
@@ -9,5 +9,8 @@ The incomplete list below is an assessment of some CVEs, and LinuxKit's resilien
   ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)):
   This CVE requires `CONFIG_N_HDLC={y|m}`, which LinuxKit does not specify, and so
   is not vulnerable.
+* [CVE-2016-10229](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229)
+  This CVE only applies to kernels `<= 4.5, <= 4.4.21`. By using recent kernels
+  (specifically, kernels `=> 4.9, >= 4.4.21`, LinuxKit mitigates this bug.
 
 ### Bugs not mitigated: