Mark CVE-2017-18222 as fixed for 4.9.90

Note for reviewers: this one is a bit tricky, see the discussion in
https://patchwork.kernel.org/patch/10187633/ were an isolated fix was
provided. The reporter found by bisecting that upstream
cabfb3680f78981d26c078a26e5c748531257ebb fixes the issue, later
df09b6f7b54adba78693997096d0bcb1bd80537c which is
cabfb3680f78981d26c078a26e5c748531257ebb upstream was taken for 4.9.x
and landed in 4.9.90 accordingly. Please double check correctness of
this update.