diff --git a/.gitignore b/.gitignore
index e69de29..38e007d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/kernel-4.18.0-305.12.1.el8_4.src.rpm
+SOURCES/v0.9.3.tar.gz
diff --git a/.kpatch-patch-4_18_0-305_12_1.metadata b/.kpatch-patch-4_18_0-305_12_1.metadata
index e69de29..cfe3b79 100644
--- a/.kpatch-patch-4_18_0-305_12_1.metadata
+++ b/.kpatch-patch-4_18_0-305_12_1.metadata
@@ -0,0 +1,2 @@
+11486d821c4014c4994aa07e46f1eda517b3fcf5 SOURCES/kernel-4.18.0-305.12.1.el8_4.src.rpm
+2b781cf5acd4869510950696e610b747ed508913 SOURCES/v0.9.3.tar.gz
diff --git a/SOURCES/CVE-2021-37576.patch b/SOURCES/CVE-2021-37576.patch
new file mode 100644
index 0000000..a4ec52f
--- /dev/null
+++ b/SOURCES/CVE-2021-37576.patch
@@ -0,0 +1,127 @@
+From 742fee241938f6089d67c4e779ba0d608a9d88e3 Mon Sep 17 00:00:00 2001
+From: Joe Lawrence
+Date: Mon, 30 Aug 2021 16:54:36 -0400
+Subject: [KPATCH CVE-2021-37576] powerpc: kpatch fixes for CVE-2021-37576
+
+Kernels:
+4.18.0-305.el8
+4.18.0-305.3.1.el8_4
+4.18.0-305.7.1.el8_4
+4.18.0-305.10.2.el8_4
+4.18.0-305.12.1.el8_4
+
+arches: ppc64le
+Changes since last build:
+[ppc64le]:
+book3s_rtas.o: changed function: kvmppc_rtas_hcall
+
+---------------------------
+
+Kernels:
+4.18.0-305.el8
+4.18.0-305.3.1.el8_4
+4.18.0-305.7.1.el8_4
+4.18.0-305.10.2.el8_4
+4.18.0-305.12.1.el8_4
+
+Modifications: none
+Approved-by: Yannick Cote (@ycote1)
+Approved-by: Artem Savkov (@artem.savkov)
+KPATCH-MR: https://gitlab.com/kpatch-dev/rhel-8/-/merge_requests/2
+
+KT0 test PASS: https://beaker.engineering.redhat.com/jobs/5756102
+for kpatch-patch-4_18_0-305-1-5.el8 scratch build:
+https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=39394966
+
+commit 82faab596fc8f92648f20e2fbc4211557b115c13
+Author: Jon Maloy
+Date: Thu Aug 12 19:22:51 2021 -0400
+
+ KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
+
+ Bugzilla: https://bugzilla.redhat.com/1988225
+ Upstream Status: Merged
+ Build Info: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=38936146
+ CVE: CVE-2021-37576
+
+ commit f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
+ Author: Nicholas Piggin
+ Date: Tue Jul 20 20:43:09 2021 +1000
+
+ KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
+
+ The kvmppc_rtas_hcall() sets the host rtas_args.rets pointer based on
+ the rtas_args.nargs that was provided by the guest. That guest nargs
+ value is not range checked, so the guest can cause the host rets pointer
+ to be pointed outside the args array. The individual rtas function
+ handlers check the nargs and nrets values to ensure they are correct,
+ but if they are not, the handlers store a -3 (0xfffffffd) failure
+ indication in rets[0] which corrupts host memory.
+
+ Fix this by testing up front whether the guest supplied nargs and nret
+ would exceed the array size, and fail the hcall directly without storing
+ a failure indication to rets[0].
+
+ Also expand on a comment about why we kill the guest and try not to
+ return errors directly if we have a valid rets[0] pointer.
+
+ Fixes: 8e591cb72047 ("KVM: PPC: Book3S: Add infrastructure to implement kernel-side RTAS calls")
+ Cc: stable@vger.kernel.org # v3.10+
+ Reported-by: Alexey Kardashevskiy
+ Signed-off-by: Nicholas Piggin
+ Signed-off-by: Michael Ellerman
+
+ Signed-off-by: Jon Maloy
+
+Signed-off-by: Joe Lawrence
+---
+ arch/powerpc/kvm/book3s_rtas.c | 25 ++++++++++++++++++++++---
+ 1 file changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/arch/powerpc/kvm/book3s_rtas.c b/arch/powerpc/kvm/book3s_rtas.c
+index ceccacbf028e..52095f765e32 100644
+--- a/arch/powerpc/kvm/book3s_rtas.c
++++ b/arch/powerpc/kvm/book3s_rtas.c
+@@ -245,6 +245,17 @@ int kvmppc_rtas_hcall(struct kvm_vcpu *vcpu)
+ * value so we can restore it on the way out.
+ */
+ orig_rets = args.rets;
++ if (be32_to_cpu(args.nargs) >= ARRAY_SIZE(args.args)) {
++ /*
++ * Don't overflow our args array: ensure there is room for
++ * at least rets[0] (even if the call specifies 0 nret).
++ *
++ * Each handler must then check for the correct nargs and nret
++ * values, but they may always return failure in rets[0].
++ */
++ rc = -EINVAL;
++ goto fail;
++ }
+ args.rets = &args.args[be32_to_cpu(args.nargs)];
+
+ mutex_lock(&vcpu->kvm->arch.rtas_token_lock);
+@@ -272,9 +283,17 @@ int kvmppc_rtas_hcall(struct kvm_vcpu *vcpu)
+ fail:
+ /*
+ * We only get here if the guest has called RTAS with a bogus
+- * args pointer. That means we can't get to the args, and so we
+- * can't fail the RTAS call. So fail right out to userspace,
+- * which should kill the guest.
++ * args pointer or nargs/nret values that would overflow the
++ * array. That means we can't get to the args, and so we can't
++ * fail the RTAS call. So fail right out to userspace, which
++ * should kill the guest.
++ *
++ * SLOF should actually pass the hcall return value from the
++ * rtas handler call in r3, so enter_rtas could be modified to
++ * return a failure indication in r3 and we could return such
++ * errors to the guest rather than failing to host userspace.
++ * However old guests that don't test for failure could then
++ * continue silently after errors, so for now we won't do this.
+ */
+ return rc;
+ }
+-- 
+2.31.1
+
+
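Review bot: The new `fail:` comment says the hcall is rejected for "nargs/nret values that would overflow the array", but the added check at the top of the first hunk tests only `be32_to_cpu(args.nargs) >= ARRAY_SIZE(args.args)`; nret is never range-checked here, so the guarantee the code actually provides is that `rets[0]` lies inside `args.args`, while any write to `rets[1..nret-1]` still depends on each handler validating nret before it stores, which this hunk cannot show. The wording should match the check, e.g. `* args pointer or an nargs value that leaves no room for rets[0]` in place of the first two new comment lines, so a later reader does not assume nret was validated up front. The comment inside the new `if` block already states this more precisely ("ensure there is room for at least rets[0]"), so only the `fail:` comment needs aligning. `kvmppc_rtas_hcall` begins outside the hunk; the handlers' own nret checks are not visible in this patch.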
diff --git a/SPECS/kpatch-patch.spec b/SPECS/kpatch-patch.spec index 5f26e12..2209251 100644 --- a/SPECS/kpatch-patch.spec +++ b/SPECS/kpatch-patch.spec @@ -1,17 +1,18 @@ # Set to 1 if building an empty subscription-only package. -%define empty_package 1 +%define empty_package 0 ####################################################### # Only need to update these variables and the changelog %define kernel_ver 4.18.0-305.12.1.el8_4 %define kpatch_ver 0.9.3 -%define rpm_ver 0 -%define rpm_rel 0 +%define rpm_ver 1 +%define rpm_rel 1 %if !%{empty_package} # Patch sources below. DO NOT REMOVE THIS LINE. -Source100: XXX.patch -#Source101: YYY.patch +# +# https://bugzilla.redhat.com/1988230 +Source100: CVE-2021-37576.patch # End of patch sources. DO NOT REMOVE THIS LINE. %endif @@ -31,7 +32,7 @@ Summary: Live kernel patching module for kernel-%{kernel_ver_arch} Group: System Environment/Kernel License: GPLv2 -ExclusiveArch: x86_64 ppc64le +ExclusiveArch: ppc64le Conflicts: %{name} < %{version}-%{release} @@ -150,5 +151,8 @@ It is only a method to subscribe to the kpatch stream for kernel-%{kernel_ver}. %endif %changelog +* Wed Sep 01 2021 Artem Savkov [1-1.el8_4] +- powerpc: KVM guest OS users can cause host OS memory corruption [1988230] {CVE-2021-37576} + * Thu Jul 29 2021 Artem Savkov [0-0.el8_4] - An empty patch to subscribe to kpatch stream for kernel-4.18.0-305.12.1.el8_4 [1987277]