* CVE-2016-6351: scsi: esp: OOB write access in esp_do_dma (bz #1360600)
* CVE-2016-6833: vmxnet3: use-after-free (bz #1368982)
* CVE-2016-6490: virtio: infinite loop in virtqueue_pop (bz #1361428)
* CVE-2016-7156: pvscsi: infinite loop when building SG list (bz #1373480)
* CVE-2016-7170: vmware_vga: OOB stack memory access (bz #1374709)
* CVE-2016-7161: net: Heap overflow in xlnx.xps-ethernetlite (bz #1379298)
* CVE-2016-7466: usb: xhci memory leakage during device unplug (bz #1377838)
* CVE-2016-7422: virtio: null pointer dereference (bz #1376756)
* CVE-2016-7908: net: Infinite loop in mcf_fec_do_tx (bz #1381193)
* CVE-2016-8576: usb: xHCI: infinite loop vulnerability (bz #1382322)
* CVE-2016-7995: usb: hcd-ehci: memory leak (bz #1382669)
* Don’t depend on edk2 roms where they aren’t available (bz #1373576)