A couple ext4-related CVE fixes were released to other kernels in linux-stable, but didn't cleanly apply to 4.9.y. These are adjusted cherry-picks of Ben Hutching's 3.16.y backports. Theodore Ts'o (2): ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks fs/ext4/xattr.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) -- 2.19.0.605.g01d371f741-goog