diff --git a/Misc/Missing_CVEs.txt b/Misc/Missing_CVEs.txt
new file mode 100644
index 00000000..5d6b2fde
--- /dev/null
+++ b/Misc/Missing_CVEs.txt
@@ -0,0 +1,32 @@
+https://github.com/bobfuzzer/CVE
+https://nvd.nist.gov/vuln/detail/CVE-2017-6247
+https://nvd.nist.gov/vuln/detail/CVE-2017-6248
+https://nvd.nist.gov/vuln/detail/CVE-2019-12881
+https://nvd.nist.gov/vuln/detail/CVE-2019-15126
+https://nvd.nist.gov/vuln/detail/CVE-2019-20794
+https://nvd.nist.gov/vuln/detail/CVE-2019-9501
+https://nvd.nist.gov/vuln/detail/CVE-2019-9502
+https://nvd.nist.gov/vuln/detail/CVE-2020-0068
+https://nvd.nist.gov/vuln/detail/CVE-2020-0220
+https://nvd.nist.gov/vuln/detail/CVE-2020-0221
+https://nvd.nist.gov/vuln/detail/CVE-2020-0261
+https://nvd.nist.gov/vuln/detail/CVE-2020-10708
+https://nvd.nist.gov/vuln/detail/CVE-2020-10774
+https://nvd.nist.gov/vuln/detail/CVE-2020-11201
+https://nvd.nist.gov/vuln/detail/CVE-2020-11202
+https://nvd.nist.gov/vuln/detail/CVE-2020-11206
+https://nvd.nist.gov/vuln/detail/CVE-2020-11207
+https://nvd.nist.gov/vuln/detail/CVE-2020-11208
+https://nvd.nist.gov/vuln/detail/CVE-2020-11211
+https://nvd.nist.gov/vuln/detail/CVE-2020-24394
+https://nvd.nist.gov/vuln/detail/CVE-2020-3623
+https://nvd.nist.gov/vuln/detail/CVE-2020-3625
+https://nvd.nist.gov/vuln/detail/CVE-2020-3648
+
+andi34 cve typos
+CVE-2014-0169 -> CVE-2014-0196
+CVE-2015-0565 -> CVE-2015-0569
+CVE-2015-8492 -> CVE-2015-8942
+CVE-2016-0430 -> CVE-2017-0430
+CVE-2016-0510 -> CVE-2017-0510
+CVE-2016-0525 -> CVE-2017-0525
diff --git a/Misc/Potentially_Missed_CVEs.txt b/Misc/Potentially_Missed_CVEs.txt
new file mode 100644
index 00000000..0d91ef54
--- /dev/null
+++ b/Misc/Potentially_Missed_CVEs.txt
@@ -0,0 +1,11 @@
+CVE-2017-15841
+CVE-2017-18131
+CVE-2017-18157
+CVE-2017-18173
+CVE-2017-18274
+CVE-2017-18275
+CVE-2017-18276
+CVE-2017-18278
+CVE-2017-18279
+
+https://source.android.com/security/bulletin/pixel/2019-09-01
diff --git a/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch b/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
new file mode 100644
index 00000000..f3f075cf
--- /dev/null
+++ b/Patches/LineageOS-16.0/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
@@ -0,0 +1,42 @@
+From 1b25d8a9ffb75767419cc0ab80569f44155bb166 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 19 Aug 2020 09:31:04 -0400
+Subject: [PATCH] reject updates with serialno constraints
+
+---
+ install.cpp | 17 ++---------------
+ 1 file changed, 2 insertions(+), 15 deletions(-)
+
+diff --git a/install.cpp b/install.cpp
+index db5792b8..25df53a3 100644
+--- a/install.cpp
++++ b/install.cpp
+@@ -159,23 +159,10 @@ static int check_newer_ab_build(ZipArchiveHandle zip) {
+     return INSTALL_ERROR;
+   }
+ 
+-  // We allow the package to not have any serialno; and we also allow it to carry multiple serial
+-  // numbers split by "|"; e.g. serialno=serialno1|serialno2|serialno3 ... We will fail the
+-  // verification if the device's serialno doesn't match any of these carried numbers.
+-  value = android::base::GetProperty("ro.serialno", "");
+   const std::string& pkg_serial_no = metadata["serialno"];
+   if (!pkg_serial_no.empty()) {
+-    bool match = false;
+-    for (const std::string& number : android::base::Split(pkg_serial_no, "|")) {
+-      if (value == android::base::Trim(number)) {
+-        match = true;
+-        break;
+-      }
+-    }
+-    if (!match) {
+-      LOG(ERROR) << "Package is for serial " << pkg_serial_no;
+-      return INSTALL_ERROR;
+-    }
++    LOG(ERROR) << "Serial number constraint not permitted: " << pkg_serial_no;
++    return INSTALL_ERROR;
+   }
+ 
+   if (metadata["ota-type"] != "AB") {
+-- 
+2.26.2
+
diff --git a/Patches/LineageOS-17.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch b/Patches/LineageOS-17.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
new file mode 100644
index 00000000..7bbc1c27
--- /dev/null
+++ b/Patches/LineageOS-17.1/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch
@@ -0,0 +1,38 @@
+From 9412877c6f5303f9e658144e99eadde604dafbd0 Mon Sep 17 00:00:00 2001
+From: Daniel Micay <danielmicay@gmail.com>
+Date: Wed, 19 Aug 2020 09:31:04 -0400
+Subject: [PATCH] reject updates with serialno constraints
+
+---
+ install/install.cpp | 16 ++--------------
+ 1 file changed, 2 insertions(+), 14 deletions(-)
+
+diff --git a/install/install.cpp b/install/install.cpp
+index 9203ef0e..308aca49 100644
+--- a/install/install.cpp
++++ b/install/install.cpp
+@@ -205,22 +205,10 @@ int CheckPackageMetadata(const std::map<std::string, std::string>& metadata, Ota
+     return INSTALL_ERROR;
+   }
+ 
+-  // We allow the package to not have any serialno; and we also allow it to carry multiple serial
+-  // numbers split by "|"; e.g. serialno=serialno1|serialno2|serialno3 ... We will fail the
+-  // verification if the device's serialno doesn't match any of these carried numbers.
+   auto pkg_serial_no = get_value(metadata, "serialno");
+   if (!pkg_serial_no.empty()) {
+-    auto device_serial_no = android::base::GetProperty("ro.serialno", "");
+-    bool serial_number_match = false;
+-    for (const auto& number : android::base::Split(pkg_serial_no, "|")) {
+-      if (device_serial_no == android::base::Trim(number)) {
+-        serial_number_match = true;
+-      }
+-    }
+-    if (!serial_number_match) {
+-      LOG(ERROR) << "Package is for serial " << pkg_serial_no;
+-      return INSTALL_ERROR;
+-    }
++    LOG(ERROR) << "Serial number constraint not permitted: " << pkg_serial_no;
++    return INSTALL_ERROR;
+   }
+ 
+   if (ota_type == OtaType::AB) {
diff --git a/Patches/Linux b/Patches/Linux
index 88a1dd1d..369d4837 160000
--- a/Patches/Linux
+++ b/Patches/Linux
@@ -1 +1 @@
-Subproject commit 88a1dd1db25f2cf5cb6bf089b72d03a472e037c7
+Subproject commit 369d4837cfd82cf158eafef111430dd47b5902f6
diff --git a/Scripts/Common/Fix_CVE_Patchers.sh b/Scripts/Common/Fix_CVE_Patchers.sh
index 9502e76f..ae57f0d3 100644
--- a/Scripts/Common/Fix_CVE_Patchers.sh
+++ b/Scripts/Common/Fix_CVE_Patchers.sh
@@ -33,7 +33,7 @@ commentPatches android_kernel_asus_grouper.sh "CVE-2017-15868";
 commentPatches android_kernel_asus_msm8916.sh "CVE-2018-13913/ANY/0001.patch";
 commentPatches android_kernel_asus_msm8953.sh "CVE-2017-13162/3.18/0001.patch";
 commentPatches android_kernel_cyanogen_msm8916.sh "CVE-2018-13913/ANY/0001.patch";
-commentPatches android_kernel_essential_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0018.patch" "CVE-2017-13218/4.4/0026.patch" "CVE-2019-14047/ANY/0002.patch";
+commentPatches android_kernel_essential_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2017-13218/4.4/0026.patch" "CVE-2019-14047/ANY/0002.patch";
 commentPatches android_kernel_fxtec_msm8998.sh "CVE-2019-11599" "CVE-2019-16746" "CVE-2019-18282" "CVE-2019-19319" "CVE-2019-ctnl-addr-leak" "CVE-2020-1749" "CVE-2020-8992";
 commentPatches android_kernel_google_bonito.sh "CVE-2020-0067";
 commentPatches android_kernel_google_dragon.sh "CVE-2015-4167/^3.19.1/0001.patch";
@@ -52,12 +52,12 @@ commentPatches android_kernel_motorola_msm8996.sh "0001-LinuxIncrementals/3.18/3
 commentPatches android_kernel_nextbit_msm8992.sh "CVE-2018-3585/3.10/0001.patch";
 commentPatches android_kernel_oneplus_msm8994.sh "CVE-2018-3585/3.10/0001.patch";
 commentPatches android_kernel_oneplus_msm8996.sh "CVE-2017-13162/3.18/0001.patch" "CVE-2019-14070/ANY/0006.patch";
-commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "0008-Graphene-Kernel_Hardening/4.4/0018.patch" "CVE-2019-11599";
+commentPatches android_kernel_oneplus_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "0008-Graphene-Kernel_Hardening/4.4/0019.patch" "CVE-2019-11599";
 commentPatches android_kernel_oneplus_sm8150.sh "CVE-2019-16746" "CVE-2019-19319" "CVE-2020-0067" "CVE-2020-8992";
-commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "CVE-2019-14070/ANY/0005.patch";
+commentPatches android_kernel_razer_msm8998.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "CVE-2019-14070/ANY/0005.patch";
 commentPatches android_kernel_samsung_smdk4412.sh "CVE-2016-8463/ANY/0001.patch";
 commentPatches android_kernel_samsung_universal8890.sh "CVE-2016-7917" "CVE-2018-1092" "CVE-2018-17972";
 commentPatches android_kernel_samsung_universal9810.sh "CVE-2020-1749";
 commentPatches android_kernel_yandex_sdm660.sh "CVE-2019-11599" "CVE-2019-14070/ANY/0005.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
 commentPatches android_kernel_zte_msm8930.sh "CVE-2015-2922/^3.19.6/0001.patch" "CVE-2017-11015/prima";
-commentPatches android_kernel_zuk_msm8996.sh "0008-Graphene-Kernel_Hardening/4.4/0010.patch" "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0013.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
+commentPatches android_kernel_zuk_msm8996.sh "0008-Graphene-Kernel_Hardening/4.4/0011.patch" "0008-Graphene-Kernel_Hardening/4.4/0012.patch" "0008-Graphene-Kernel_Hardening/4.4/0014.patch" "CVE-2019-19319" "CVE-2020-1749" "CVE-2020-8992";
diff --git a/Scripts/Common/Functions.sh b/Scripts/Common/Functions.sh
index 702a543a..9c8e60c4 100644
--- a/Scripts/Common/Functions.sh
+++ b/Scripts/Common/Functions.sh
@@ -141,8 +141,8 @@ audit2allowADB() {
 export -f audit2allowADB;
 
 processRelease() {
-	#Credit: GrapheneOS
-	#https://github.com/GrapheneOS/script/blob/pie/release.sh
+	#Partial Credit: GrapheneOS
+	#https://github.com/GrapheneOS/script/blob/10/release.sh
 	local DEVICE="$1";
 	local BLOCK="$2";
 	local VERITY="$3";
@@ -166,6 +166,7 @@ processRelease() {
 			--replace_verity_keyid "$KEY_DIR/verity.x509.pem");
 		echo -e "\e[0;32m\t+ Verified Boot 1.0\e[0m";
 	elif [[ "$VERITY" == "avb" ]]; then
+		#TODO: Verify if both SHA512 and RSA4096 is always supported
 		local VERITY_SWITCHES=(--avb_vbmeta_key "$KEY_DIR/avb.pem" \
 			--avb_vbmeta_algorithm SHA512_RSA4096 \
 			--avb_system_key "$KEY_DIR/avb.pem" \
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index b4f94f60..f538caea 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -65,6 +65,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bio
 enterAndClear "bootable/recovery";
 git revert --no-edit 3c0d796b79c7a1ee904e0cef7c0f2e20bf84c237; #remove sideload cache, breaks with large files
 patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-Squash_Menus.patch"; #What's a back button?
+sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS)
 
 enterAndClear "build";
 patch -p1 < "$DOS_PATCHES/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index d33cb867..f1c79087 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -63,6 +63,7 @@ enterAndClear "bootable/recovery";
 git revert --no-edit eb98fde70a6e54a25408eb8c626caecf7841c5df; #remove sideload cache, breaks with large files
 git revert --no-edit ac258a4f4c4b4b91640cc477ad1ac125f206db02; #Resurrect dm-verity
 sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
+sed -i 's/(!has_serial_number || serial_number_matched)/!has_serial_number/' recovery.cpp; #Abort on serial number specific packages (GrapheneOS)
 
 enterAndClear "build/make";
 patch -p1 < "$DOS_PATCHES_COMMON/android_build/0001-OTA_Keys.patch"; #add correct keys to recovery for OTA verification
diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh
index 4f87f048..69390302 100644
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@@ -65,6 +65,7 @@ git revert --no-edit 3f55a863ac34969f95bfb38641747d2fd9939630 865c6c770816f6e809
 git revert --no-edit 37d729bf; #Fix USB on most devices
 git revert --no-edit fe2901b144c515c5a90b547198aed37c209b5a82; #Resurrect dm-verity
 sed -i 's/!= 2048/< 2048/' tools/dumpkey/DumpPublicKey.java; #Allow 4096-bit keys
+patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort on serial number specific packages (GrapheneOS)
 
 enterAndClear "build/make";
 git revert --no-edit 271f6ffa045064abcac066e97f2cb53ccb3e5126 61f7ee9386be426fd4eadc2c8759362edb5bef8; #Add back PicoTTS and language files
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
index 1dc30eae..da09d999 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_essential_msm8998.sh
@@ -15,7 +15,8 @@ git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
-#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch
@@ -90,5 +91,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-16994/^5.0/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-19051/4.4/0010.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/4.4/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-11608/^5.6.1/0001.patch
-editKernelLocalversion "-dos.p90"
+editKernelLocalversion "-dos.p91"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh
index 9419a565..19456f29 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_oneplus_msm8998.sh
@@ -5,9 +5,9 @@ git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
index 023f8972..c72e435d 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_razer_msm8998.sh
@@ -5,9 +5,9 @@ git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
diff --git a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
index 7c5884a7..4beadebd 100644
--- a/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
+++ b/Scripts/LineageOS-17.1/CVE_Patchers/android_kernel_zuk_msm8996.sh
@@ -3,14 +3,15 @@ cd "$DOS_BUILD_BASE""kernel/zuk/msm8996"
 git apply $DOS_PATCHES_LINUX_CVES/0001-LinuxIncrementals/4.4/4.4.0209-0210.patch --exclude=Makefile
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0016.patch
 git apply $DOS_PATCHES_LINUX_CVES/0007-Accelerated_AES/3.10+/0020.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0005.patch
-#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0010.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0002.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0006.patch
 #git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0011.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
-#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
-git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0017.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0012.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0013.patch
+#git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0014.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0015.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0018.patch
+git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/4.4/0019.patch
 git apply $DOS_PATCHES_LINUX_CVES/0008-Graphene-Kernel_Hardening/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2015-7837/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2016-1583/^4.6.3/0003.patch
@@ -117,5 +118,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-14416/4.4/0005.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-15393/4.4/0004.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0001.patch
 git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-UNKNOWN/ANY/0002.patch
-editKernelLocalversion "-dos.p117"
+editKernelLocalversion "-dos.p118"
 cd "$DOS_BUILD_BASE"
diff --git a/Scripts/LineageOS-17.1/Functions.sh b/Scripts/LineageOS-17.1/Functions.sh
index 173744c9..1d7f01dd 100644
--- a/Scripts/LineageOS-17.1/Functions.sh
+++ b/Scripts/LineageOS-17.1/Functions.sh
@@ -117,7 +117,8 @@ patchWorkspace() {
 
 	source build/envsetup.sh;
 	repopick -i 285265; #update webview
-	#repopick -i 285125; #HOSTS cache
+	repopick -i 285125; #HOSTS cache
+	repopick -i 285363; #fix building kernels with a much newer host kernel
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh
index 176cd3b9..e5efc331 100644
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@@ -56,6 +56,10 @@ gpgVerifyDirectory "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/packa
 cp -r "$DOS_PREBUILT_APPS""android_vendor_FDroid_PrebuiltApps/." "$DOS_BUILD_BASE""vendor/fdroid_prebuilt/"; #Add the prebuilt apps
 cp -r "$DOS_PATCHES_COMMON""android_vendor_divested/." "$DOS_BUILD_BASE""vendor/divested/"; #Add our vendor files
 
+enterAndClear "bootable/recovery";
+git checkout 53fd25482; #XXX: TEMPORARY!
+patch -p1 < "$DOS_PATCHES/android_bootable_recovery/0001-No_SerialNum_Restrictions.patch"; #Abort on serial number specific packages (GrapheneOS)
+
 enterAndClear "bionic";
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
 if [ "$DOS_GRAPHENE_MALLOC" = true ]; then patch -p1 < "$DOS_PATCHES/android_bionic/0002-Symbol_Ordering.patch"; fi; #(GrapheneOS)
diff --git a/Scripts/LineageOS-17.1/Rebrand.sh b/Scripts/LineageOS-17.1/Rebrand.sh
index 10b5f765..9c27f77c 100644
--- a/Scripts/LineageOS-17.1/Rebrand.sh
+++ b/Scripts/LineageOS-17.1/Rebrand.sh
@@ -21,7 +21,6 @@
 echo "Rebranding...";
 
 enter "bootable/recovery";
-git checkout 53fd25482; #XXX: TEMPORARY!
 git revert --no-edit 2e0e35734f65035d24014dcce7aceda6e4b1e222 1423e5792837f204e535efd75fd44a2970899a7d 7e46bc14b15fdeabfd16871137f403f89486b83c;
 sed -i 's/if (lineage_logo_/if (false/' recovery_ui/*ui.cpp;
 mogrify -format png -fill "#FF5722" -opaque "#167C80" -fuzz 10% res-*/images/*sel.png; #Recolor icons