diff --git a/docs/security-events.md b/docs/security-events.md
index 0081eeb52..37cde20fd 100644
--- a/docs/security-events.md
+++ b/docs/security-events.md
@@ -9,5 +9,8 @@ The incomplete list below is an assessment of some CVEs, and LinuxKit's resilien
   ([exploit post](https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html)):
   This CVE requires `CONFIG_N_HDLC={y|m}`, which LinuxKit does not specify, and so
   is not vulnerable.
+* [CVE-2016-10229](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229)
+  This CVE only applies to kernels `<= 4.5, <= 4.4.21`. By using recent kernels
+  (specifically, kernels `=> 4.9, >= 4.4.21`, LinuxKit mitigates this bug.
 
 ### Bugs not mitigated: