diff --git a/kernel.spec b/kernel.spec
index 1cab087..904698a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -619,6 +619,9 @@ Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch
 # rhbz 1708717
 Patch537: neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch
 
+# CVE-2019-12614 rhbz 1718176 1718185
+Patch538: powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1857,6 +1860,9 @@ fi
 #
 #
 %changelog
+* Fri Jun 07 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-12614 (rhbz 1718176 1718185)
+
 * Thu Jun 06 2019 Jeremy Cline <jcline@redhat.com>
 - Fix incorrect permission denied with lock down off (rhbz 1658675)
 - Fix an issue with the IPv6 neighbor table (rhbz 1708717)
diff --git a/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
new file mode 100644
index 0000000..d4d14b8
--- /dev/null
+++ b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
@@ -0,0 +1,34 @@
+From efa9ace68e487ddd29c2b4d6dd23242158f1f607 Mon Sep 17 00:00:00 2001
+From: Gen Zhang <blackgod016574@gmail.com>
+Date: Sun, 26 May 2019 10:42:40 +0800
+Subject: powerpc/pseries/dlpar: Fix a missing check in
+ dlpar_parse_cc_property()
+
+In dlpar_parse_cc_property(), 'prop->name' is allocated by kstrdup().
+kstrdup() may return NULL, so it should be checked and handle error.
+And prop should be freed if 'prop->name' is NULL.
+
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+---
+ arch/powerpc/platforms/pseries/dlpar.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c
+index 17958043e7f7..c852024044bb 100644
+--- a/arch/powerpc/platforms/pseries/dlpar.c
++++ b/arch/powerpc/platforms/pseries/dlpar.c
+@@ -61,6 +61,10 @@ static struct property *dlpar_parse_cc_property(struct cc_workarea *ccwa)
+ 
+ 	name = (char *)ccwa + be32_to_cpu(ccwa->name_offset);
+ 	prop->name = kstrdup(name, GFP_KERNEL);
++	if (!prop->name) {
++		dlpar_free_cc_property(prop);
++		return NULL;
++	}
+ 
+ 	prop->length = be32_to_cpu(ccwa->prop_length);
+ 	value = (char *)ccwa + be32_to_cpu(ccwa->prop_offset);
+-- 
+cgit 1.2-0.3.lf.el7
+