diff --git a/.gitignore b/.gitignore
index e69de29..533e8a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/kernel-3.10.0-1160.6.1.el7.src.rpm
+SOURCES/v0.9.2.tar.gz
diff --git a/.kpatch-patch-3_10_0-1160_6_1.metadata b/.kpatch-patch-3_10_0-1160_6_1.metadata
index e69de29..ee5f9ef 100644
--- a/.kpatch-patch-3_10_0-1160_6_1.metadata
+++ b/.kpatch-patch-3_10_0-1160_6_1.metadata
@@ -0,0 +1,2 @@
+a7d3cd91b03eadc19d1370299d06206c02123868 SOURCES/kernel-3.10.0-1160.6.1.el7.src.rpm
+c0878679129add77d6fff57093640892ad941155 SOURCES/v0.9.2.tar.gz
diff --git a/SOURCES/fs-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch b/SOURCES/fs-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch
new file mode 100644
index 0000000..c50c0ff
--- /dev/null
+++ b/SOURCES/fs-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch
@@ -0,0 +1,92 @@
+From 4801d9a446569eb73191c8cb3b769aadcd3f0994 Mon Sep 17 00:00:00 2001
+From: Julien Thierry <jthierry@redhat.com>
+Date: Fri, 30 Oct 2020 09:00:20 +0000
+Subject: [PATCH] [fs] xfs: fix boundary test in xfs_attr_shortform_verify
+
+Kernels:
+3.10.0-1160.el7
+3.10.0-1160.2.1.el7
+3.10.0-1160.2.2.el7
+3.10.0-1160.6.1.el7
+
+Changes since last build:
+arches: x86_64 ppc64le
+xfs_attr_leaf.o: changed function: xfs_attr_shortform_verify
+---------------------------
+
+Modifications:
+None
+
+Testing: tried the commands in the commit message before and after the
+kpatch-patch. Without the kpatch-patch, the filesystem dies.
+
+commit b2f2f4aef9d49b0b9fd349f0376f5ffe735e5823
+Author: Eric Sandeen <sandeen@redhat.com>
+Date:   Wed Sep 9 22:17:43 2020 -0400
+
+    [fs] xfs: fix boundary test in xfs_attr_shortform_verify
+
+    Message-id: <98c52b4e-9e63-55e1-5e8e-4f8d193b3762@redhat.com>
+    Patchwork-id: 326026
+    Patchwork-instance: patchwork
+    O-Subject: [PATCH RHEL7.9.z] xfs: fix boundary test in xfs_attr_shortform_verify
+    Bugzilla: 1875317
+    CVE: CVE-2020-14385
+    RH-Acked-by: Carlos Maiolino <cmaiolino@redhat.com>
+    RH-Acked-by: Brian Foster <bfoster@redhat.com>
+
+    Bugzilla: 1875317
+    Upstream Status: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
+    Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=31247080
+    Tested: With simple reproducer in commit + xfstests
+    CVE: CVE-2020-14385
+
+    The boundary test for the fixed-offset parts of xfs_attr_sf_entry in
+    xfs_attr_shortform_verify is off by one, because the variable array
+    at the end is defined as nameval[1] not nameval[].
+    Hence we need to subtract 1 from the calculation.
+
+    This can be shown by:
+
+    # touch file
+    # setfattr -n root.a file
+
+    and verifications will fail when it's written to disk.
+
+    This only matters for a last attribute which has a single-byte name
+    and no value, otherwise the combination of namelen & valuelen will
+    push endp further out and this test won't fail.
+
+    Fixes: 1e1bbd8e7ee06 ("xfs: create structure verifier function for shortform xattrs")
+    Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+    Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+    Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+    Reviewed-by: Christoph Hellwig <hch@lst.de>
+    (cherry picked from commit f4020438fab05364018c91f7e02ebdd192085933)
+    Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+    Signed-off-by: Augusto Caringi <acaringi@redhat.com>
+
+Signed-off-by: Julien Thierry <jthierry@redhat.com>
+---
+ fs/xfs/libxfs/xfs_attr_leaf.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
+index 2c892846929..1d2bedd4c1a 100644
+--- a/fs/xfs/libxfs/xfs_attr_leaf.c
++++ b/fs/xfs/libxfs/xfs_attr_leaf.c
+@@ -923,8 +923,10 @@ xfs_attr_shortform_verify(
+ 		 * struct xfs_attr_sf_entry has a variable length.
+ 		 * Check the fixed-offset parts of the structure are
+ 		 * within the data buffer.
++		 * xfs_attr_sf_entry is defined with a 1-byte variable
++		 * array at the end, so we must subtract that off.
+ 		 */
+-		if (((char *)sfep + sizeof(*sfep)) >= endp)
++		if (((char *)sfep + sizeof(*sfep) - 1) >= endp)
+ 			return __this_address;
+ 
+ 		/* Don't allow names with known bad length. */
+-- 
+2.25.4
+
diff --git a/SPECS/kpatch-patch.spec b/SPECS/kpatch-patch.spec
index 5121ec5..de459b2 100644
--- a/SPECS/kpatch-patch.spec
+++ b/SPECS/kpatch-patch.spec
@@ -1,17 +1,18 @@
 # Set to 1 if building an empty subscription-only package.
-%define empty_package		1
+%define empty_package		0
 
 #######################################################
 # Only need to update these variables and the changelog
 %define kernel_ver	3.10.0-1160.6.1.el7
 %define kpatch_ver	0.9.2
-%define rpm_ver		0
-%define rpm_rel		0
+%define rpm_ver		1
+%define rpm_rel		1
 
 %if !%{empty_package}
 # Patch sources below. DO NOT REMOVE THIS LINE.
-Source100:		XXX.patch
-#Source101:		YYY.patch
+#
+# https://bugzilla.redhat.com/1881413
+Source100: fs-xfs-fix-boundary-test-in-xfs_attr_shortform_verify.patch
 # End of patch sources. DO NOT REMOVE THIS LINE.
 %endif
 
@@ -144,5 +145,8 @@ It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}.
 %endif
 
 %changelog
+* Fri Oct 30 2020 Julien Thierry <jthierry@redhat.com> [1-1.el7]
+- xfs: fix boundary test in xfs_attr_shortform_verify [1881413] {CVE-2020-14385}
+
 * Mon Oct 26 2020 Yannick Cote <ycote@redhat.com> [0-0.el7]
 - An empty patch to subscribe to kpatch stream for kernel-3.10.0-1160.6.1.el7 [1891573]