diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.6.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.6.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 0962c55f3f..fb8ded5bcd 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
 DIST linux-4.14.tar.xz 100770500 SHA256 f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 WHIRLPOOL fee10d54ecb210156aa55364ecc15867127819e9f7ff9ec5f6ef159b1013e2ae3d3a28d35c62d663886cbe826b996a1387671766093be002536309045a8e4d10
-DIST patch-4.14.5.xz 128724 SHA256 d86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c SHA512 45a6adcc928babe53dd55a444aaae6280f57f844508a9799aada9f70b9fd6160b92b710986810c422ec3a20740f582acb3040f6d6aa883eecb58bf4c4d5918ca WHIRLPOOL e6130e986cc9a42c8ce14fc8a665e994f71a3b6be85d56c30b5fa2c629e5292bc056da98790614c5afaf4878141dca0a1fb3dd2ebdacfe829c86554b84d6dbd1
+DIST patch-4.14.6.xz 163536 SHA256 c75b40f450f147014a08987949aafb71d9fcd3e91e443f5c8e4edbf1bbc386c6 SHA512 c37b437f740fbb480766149ca1c6ddb5ee763b88b034b9b4eaf3ce000f299545ee19a93638d1a4161ab0c76ec73e1a53b2264b94213d53d6ad7dcda6bee45b8c WHIRLPOOL 7af853f4bcbc3d6d23343aa1401afcea1786c3e1978d021f48f29e7af34d27f397b2d352c78383affc2c17c82be812df9ff5b9c7626da04d4a8cc0bd53cfa41e
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.6.ebuild
similarity index 81%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.6.ebuild
index 75e3891a48..af3569f7fd 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.5.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.6.ebuild
@@ -33,8 +33,7 @@ IUSE=""
 UNIPATCH_LIST="
 ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
 ${PATCH_DIR}/z0002-Add-arm64-coreos-verity-hash.patch \
- ${PATCH_DIR}/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch \
- ${PATCH_DIR}/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch \
- ${PATCH_DIR}/z0005-block-factor-out-__blkdev_issue_zero_pages.patch \
- ${PATCH_DIR}/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch \
+ ${PATCH_DIR}/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch \
+ ${PATCH_DIR}/z0004-block-factor-out-__blkdev_issue_zero_pages.patch \
+ ${PATCH_DIR}/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 7dca8d94f0..cbd6788519 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,7 +1,7 @@ -From 7c292474f4ccc7c58b05f812870b2cd2e9d61f48 Mon Sep 17 00:00:00 2001 +From 511dc8e4ea2d5bb0e8bc191a747630b6c7024183 Mon Sep 17 00:00:00 2001 From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 1/6] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 1/5] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for
@@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-)
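Review bot: Nothing in this change records why `z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch` can be dropped from `UNIPATCH_LIST`, although the deleted patch's own description says a guest flooding port 0x80 can crash the host kernel. Presumably the 4.14.6 stable patch already carries the equivalent VMX change, but that is not visible here and should be confirmed against the contents of `patch-4.14.6.xz` before the local copy is removed. I would state it in the commit message, for example `Drop z0003 (KVM port 0x80 bypass): included in 4.14.6`, so the removal of a host-stability fix is traceable. The DCCP CVE-2017-8824 patch stays in the list as `z0003`, which suggests it is still needed out of tree; the renumbering makes that easy to miss.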
diff --git a/Makefile b/Makefile -index 43ac7bdb10ad..91a49af766d5 100644 +index eabbd7748a24..c4232d5614e2 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch
index 0fc1d01179..7a56cca547 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch
@@ -1,7 +1,7 @@ -From f6b7a9ffa6790d12f7b68ffbf8ab47d795daebb3 Mon Sep 17 00:00:00 2001 +From 7134f9e6fc44063f515ce8cdac107fbdf22ce5f6 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 2/6] Add arm64 coreos verity hash +Subject: [PATCH 2/5] Add arm64 coreos verity hash Signed-off-by: Geoff Levand ---
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch
deleted file mode 100644
index 5268c58521..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From f6557bee7caf4685b57f2be35f4032955816f2c7 Mon Sep 17 00:00:00 2001
-From: Andrew Honig
-Date: Wed, 29 Nov 2017 10:54:24 -0800
-Subject: [PATCH 3/6] KVM: Remove I/O port 0x80 bypass on intel hosts.
-
-KVM allows guests to directly access I/O port 0x80 on intel hosts. If
-the guest floods this port with writes it generates exceptions and
-instability in the host kernel, leading to a crash. With this change
-guest writes to port 0x80 on intel will behave the same as they
-currently behave on AMD systems.
-
-Prevent the flooding by removing the code that sets port 0x80 as a
-passthrough port. This is essentially the same as upstream patch
-99f85a28a78e96d28907fe036e1671a218fee597, except that patch was
-for AMD chipsets and this patch is for intel.
-
-Signed-off-by: Andrew Honig
-Signed-off-by: Jim Mattson
-Signed-off-by: Paolo Bonzini
----
- arch/x86/kvm/vmx.c | 20 +++++---------------
- 1 file changed, 5 insertions(+), 15 deletions(-)
-
-diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index b21113bcf227..7242184fd8fd 100644
---- a/arch/x86/kvm/vmx.c
-+++ b/arch/x86/kvm/vmx.c
-@@ -935,8 +935,7 @@ static DEFINE_PER_CPU(struct list_head, blocked_vcpu_on_cpu);
- static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
-
- enum {
-- VMX_IO_BITMAP_A,
-- VMX_IO_BITMAP_B,
-+ VMX_IO_BITMAP,
- VMX_MSR_BITMAP_LEGACY,
- VMX_MSR_BITMAP_LONGMODE,
- VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
-@@ -950,8 +949,7 @@ enum {
-
- static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
-
--#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
--#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
-+#define vmx_io_bitmap (vmx_bitmap[VMX_IO_BITMAP])
- #define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
- #define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
- #define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
-@@ -5438,8 +5436,8 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
- int i;
-
- /* I/O */
-- vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
-- vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
-+ vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap));
-+ vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap));
-
- if (enable_shadow_vmcs) {
- vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
-@@ -6746,18 +6744,10 @@ static __init int hardware_setup(void)
- goto out;
- }
-
-- vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
- memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
- memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
-
-- /*
-- * Allow direct access to the PC debug port (it is often used for I/O
-- * delays, but the vmexits simply slow things down).
-- */
-- memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
-- clear_bit(0x80, vmx_io_bitmap_a);
--
-- memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
-+ memset(vmx_io_bitmap, 0xff, PAGE_SIZE);
-
- memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
- memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
---
-2.14.1
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
similarity index 90%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
index 20c00e7030..7f69385252 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
@@ -1,7 +1,7 @@ -From 04ee2f5bf99b4da6539e151e5386c70e9b77da9c Mon Sep 17 00:00:00 2001 +From 10a718b6168cc15fd1ff100905888539c09102b0 Mon Sep 17 00:00:00 2001 From: Mohamed Ghannam Date: Tue, 5 Dec 2017 12:23:04 -0800 -Subject: [PATCH 4/6] dccp: CVE-2017-8824: use-after-free in DCCP code +Subject: [PATCH 3/5] dccp: CVE-2017-8824: use-after-free in DCCP code Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set to NULL.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-factor-out-__blkdev_issue_zero_pages.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch
similarity index 95%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-factor-out-__blkdev_issue_zero_pages.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch
index d88e681675..a548ee9a20 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-factor-out-__blkdev_issue_zero_pages.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch
@@ -1,7 +1,7 @@ -From 05fd8881133594f99500427da4ea4e367af86555 Mon Sep 17 00:00:00 2001 +From 91d9cee0ee7a009867cc63f1abb65ac4a8544124 Mon Sep 17 00:00:00 2001 From: Ilya Dryomov Date: Mon, 16 Oct 2017 15:59:09 +0200 -Subject: [PATCH 5/6] block: factor out __blkdev_issue_zero_pages() +Subject: [PATCH 4/5] block: factor out __blkdev_issue_zero_pages() blkdev_issue_zeroout() will use this in !BLKDEV_ZERO_NOFALLBACK case.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch
similarity index 96%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch
index dd8ce9922e..837436bacc 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch
@@ -1,7 +1,7 @@ -From 3f0172c2d2b789f746854d136d186e0b06731b1a Mon Sep 17 00:00:00 2001 +From 590ab1f613b6b0dd4465709223ba4032a191b4a2 Mon Sep 17 00:00:00 2001 From: Ilya Dryomov Date: Mon, 16 Oct 2017 15:59:10 +0200 -Subject: [PATCH 6/6] block: cope with WRITE ZEROES failing in +Subject: [PATCH 5/5] block: cope with WRITE ZEROES failing in blkdev_issue_zeroout() sd_config_write_same() ignores ->max_ws_blocks == 0 and resets it to