Issue 847903

Issue metadata

Status: Fixed
Closed: Jun 2018
OS: Chrome
Pri: 1
Type: Bug-Security

Multiple UAF bugs fixed in the upstream kernel (most in the year 2017), but not patched in stable/latest chromeos4.4 kernel.

Reported by radheshk...@gmail.com, May 30 2018

Issue description

VULNERABILITY DETAILS

Following is the list of the UAF bugs fixed in the upstream kernel, but not patched in the stable/latest chromeos-4.4 kernel. Most of these bugs were patched in 2017 and early 2018, so I think they might not be duplicates.

Check the following upstream kernel commits for more details:

1. 5bdd0c6f89fba430e18d636493398389dadc3b17 (2017)
   jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path

2. 607065bad9931e72207b0cac365d7d4abc06bd99 (2017, Dec)
   tcp: avoid integer overflows in tcp_rcv_space_adjust()

3. a9b9477db2937934e469db800317ec3ef7e81b51 (2017, Feb)
   Btrfs: fix use-after-free due to wrong order of destroying work queues

4. e501bfe323356ea3f7ef79d4b0d95389b70a7193 (2017)
   btrfs: Prevent scrub recheck from racing with dev replace

5. dec95574f4e6545c701420b950278dc6f55d0368 (2017, Mar)
   btrfs: convert btrfs_raid_bio.refs from atomic_t to refcount_t

6. d879d0b8c183aabeb9a65eba91f3f9e3c7e7b905 (2017, Apr)
   ftrace: UAF in ftrace

7. d7cdee5ea8d28ae1b6922deb0c1badaa3aa0ef8c (2018, Feb)
   cls_u32: fix use after free in u32_destroy_key()

8. 7fafcfdf6377b18b2a726ea554d6e593ba44349f (2018, Mar)
   USB: gadget: f_midi: fixing a double-free in f_midi

9. 1846430c24d66e85cc58286b3319c82cd54debb2 (2018, Jan)
   Btrfs: fix crash due to not cleaning up tree log block's dirty bits

10. 1a932ef4e47984dee227834667b5ff5a334e4805 (2018, Jan)
    Btrfs: fix use-after-free on root->orphan_block_rsv


VERSION
Operating System: OS-Chrome, Kernel:chromeos-4.4 

REPRODUCTION CASE


Comment 1 by mea...@chromium.org, May 30 2018

Cc: jorgelo@chromium.org mnissler@chromium.org
Components: OS>Kernel
Labels: OS-Chrome
Labels: Security_Severity-High Security_Impact-Stable
Owner: groeck@chromium.org

Comment 3 by groeck@chromium.org, May 30 2018

Cc: wonderfly@google.com
Labels: M-69 Pri-2
Status: Started (was: Unconfirmed)
CONFIG_BTRFS is not enabled in any ChromeOS images, which makes #3, #4, #5, #9, and #10 irrelevant for ChromeOS.
CONFIG_USB_F_MIDI is only enabled in beaglebone images, making #8 irrelevant for ChromeOS.
CONFIG_JFFS2_FS is only enabled in beaglebone images, making #1 irrelevant for ChromeOS.
The problem fixed by #7 was introduced after v4.4.

This leaves #2 and #6.
#2 needs a backport. We will fix it by submitting it for inclusion into v4.4.y and pick from there. From security perspective, its impact appears to be low since writing into sysctl_tcp_rmem requires privileges.

#6 is risky as it touches code which has been heavily modified since v4.4. On top of that, there are other unfixed problems in the ftrace code. Since ftrace requires privileges, it is an unlikely attack vector. We will not fix this problem unless someone can show that it is a high security risk.
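The triage in the comment above works by asking, for each reported fix, whether the code it touches is even built into ChromeOS images. The script below is an added example (not code from this issue or from the ChromeOS kernel project) that does that check mechanically: it evaluates Kconfig fragments the way the kernel's `merge_config.sh` does (a later fragment overrides an earlier one, and `# CONFIG_X is not set` disables an option), then keeps only the fixes whose gating option is enabled. The fragment contents, the board layering, and the mapping from each fix to a gating option are constructed for illustration; the Kconfig symbol for btrfs is `CONFIG_BTRFS_FS` (the comment writes it as `CONFIG_BTRFS`).

```python
"""Patch-gap triage against kernel config fragments.

Added example, not the project's own code.  Fragments and the
fix-to-option mapping below are constructed for illustration.
"""
import re

SET_RE = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def merge_fragments(fragments):
    """Return {option: value} after applying the fragments in order.

    Mirrors merge_config.sh semantics: the last fragment that mentions an
    option wins, and a '# CONFIG_X is not set' line records 'n'.
    """
    config = {}
    for text in fragments:
        for raw in text.splitlines():
            line = raw.strip()
            m = SET_RE.match(line)
            if m:
                config[m.group(1)] = m.group(2).strip()
                continue
            m = UNSET_RE.match(line)
            if m:
                config[m.group(1)] = "n"
    return config


def is_enabled(config, option):
    """Built-in ('y') or module ('m') both count as enabled."""
    return config.get(option, "n") in ("y", "m")


# Constructed fragments: a generic base and a board overlay that turns
# the filesystem and gadget options back off, as the comment describes
# for regular ChromeOS images.
BASE_FRAGMENT = """
CONFIG_BTRFS_FS=m
CONFIG_JFFS2_FS=y
CONFIG_USB_F_MIDI=y
CONFIG_FTRACE=y
# CONFIG_NET_CLS_U32 is not set
"""
BOARD_FRAGMENT = """
# CONFIG_BTRFS_FS is not set
# CONFIG_JFFS2_FS is not set
# CONFIG_USB_F_MIDI is not set
"""

# (issue list number, gating option or None for always-built core code,
#  upstream subject).  The option assignment is an assumption made here.
REPORTED_FIXES = [
    (1, "CONFIG_JFFS2_FS", "jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path"),
    (2, None, "tcp: avoid integer overflows in tcp_rcv_space_adjust()"),
    (3, "CONFIG_BTRFS_FS", "Btrfs: fix use-after-free due to wrong order of destroying work queues"),
    (6, "CONFIG_FTRACE", "ftrace: UAF in ftrace"),
    (7, "CONFIG_NET_CLS_U32", "cls_u32: fix use after free in u32_destroy_key()"),
    (8, "CONFIG_USB_F_MIDI", "USB: gadget: f_midi: fixing a double-free in f_midi"),
]


def triage(fragments, fixes):
    """Return the list numbers of fixes still relevant for this config."""
    config = merge_fragments(fragments)
    return [n for n, opt, _ in fixes if opt is None or is_enabled(config, opt)]


if __name__ == "__main__":
    layered = [BASE_FRAGMENT, BOARD_FRAGMENT]
    config = merge_fragments(layered)
    for n, opt, subject in REPORTED_FIXES:
        state = "n/a" if opt is None else config.get(opt, "n")
        print(f"#{n:<2} {opt or '(always built)':<20} {state:<3} {subject}")
    print("relevant:", triage(layered, REPORTED_FIXES))  # → [2, 6]
```

With the board overlay applied the script leaves exactly #2 and #6, which is the conclusion reached in the comment; with only the base fragment it would also keep #1, #3 and #8, which is the kind of answer you get for a build that does enable those subsystems.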

Comment 4 by groeck@chromium.org, May 30 2018

Status: ExternalDependency (was: Started)
Backport of #2 submitted for stable releases (v4.9.y and v4.14.y are also affected). Waiting for fix to be available in stable releases.

Cc: xueweiz@google.com
@groeck, I thought btrfs is supported by ChromeOS. Where do I check whether a specific config flag is enabled for ChromeOS? I also thought the latest kernel version supported by ChromeOS is 4.4. How (/from where) do I check out versions 4.9 and 4.14 for ChromeOS? And my last question is whether these bugs (bugs that are not backported to the ChromeOS kernel) are eligible for the bug bounty program?

Comment 7 by groeck@chromium.org, May 31 2018

#6: btrfs is not enabled in any ChromeOS images. Anyone is free to use it, but it is "bug-for-bug compatible" with respective upstream kernel stable releases for chromeos-4.4 and later, and may not even build for older versions. Enabled configuration fragments are for the most part in the chromeos/ subdirectory.
There is no chromeos-4.9; however, v4.9.y is an upstream stable release, and it pays to help the community as they help us. chromeos-4.4 and chromeos-4.14 are branches in the ChromeOS kernel repository at https://chromium.googlesource.com/chromiumos/third_party/kernel/.

As for the bug bounty program, you are asking the wrong person. I would suggest to consult https://www.google.com/about/appsecurity/chrome-rewards/.
As per https://www.google.com/about/appsecurity/chrome-rewards/index.html, bugs that have been previously disclosed don't always qualify for a reward:

"Bugs disclosed publicly or to a third-party for purposes other than fixing the bug will typically not qualify for a reward."

Comment 9 by sheriffbot@chromium.org, May 31 2018

Labels: -Pri-2 Pri-1
@jorgelo, it says "don't *always* qualify". I am asking about the bugs that are not known to exist in the ChromeOS kernel (bugs that are not backported to the ChromeOS kernel); hence, they are not exactly publicly disclosed yet. It takes a lot of effort to find such bugs that still exist in the kernel, especially when you guys are actively backporting the patches to the ChromeOS kernel.

The page https://www.google.com/about/appsecurity/chrome-rewards/index.html doesn't talk clearly about these types of bugs. Hence the question about the bug bounty.
I understand what you're asking for. I was attempting to give you some details on what things we take into account when choosing what to reward and what not. Whatever decision gets made will be posted to this bug as an update.
Follow-up on #4: Patch is now queued into affected stable releases (v4.4.y, v4.9.y, v4.14.y).

Clarification for previous comment: The number referred to the comment number, not to the patch number. The queued patch is patch #2.

Update on patch #6: According to https://www.spinics.net/lists/stable/msg168316.html,
the problem does not affect v4.4 and thus also not chromeos-4.4. Since it was applied prior to v4.14, it does not affect chromeos-4.14 either.

Labels: -Security_Severity-High Security_Severity-Low
Reducing security severity: As found, only bug #2 affects any ChromeOS images. Bug #2 can only be observed as result of misconfiguration, which is only possible with privileges. I would not even consider this to be a security bug in the first place. The fix was not deemed important enough by the upstream maintainer to apply to stable kernel releases.

Projected stable releases for bug #2: v4.4.136, v4.9.107, v4.14.48

Status: Fixed (was: ExternalDependency)
Fix for #2 pushed into both chromeos-4.4 and chromeos-4.14.


Comment 18 by sheriffbot@chromium.org, Jun 14 2018

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: reward-topanel

Comment 20 by sheriffbot@chromium.org, Sep 20

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -reward-topanel reward-0
