diff --git a/SOURCES/openblas-0.3.15-out-of-bounds-read.patch b/SOURCES/openblas-0.3.15-out-of-bounds-read.patch
new file mode 100644
index 0000000..3e7fc7a
--- /dev/null
+++ b/SOURCES/openblas-0.3.15-out-of-bounds-read.patch
@@ -0,0 +1,27 @@
+From 337b65133df174796794871b3988cd03426e6d41 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker
+Date: Fri, 1 Oct 2021 11:19:53 +0200
+Subject: [PATCH] Fix out of bounds read in ?llarv (Reference-LAPACK PR 625)
+
+Resolves: CVE-2021-4048
+
+---
+ lapack-netlib/SRC/zlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/zlarrv.f b/lapack-netlib/SRC/zlarrv.f
+index 23976dbe..8d10e3c2 100644
+--- a/lapack-netlib/SRC/zlarrv.f
++++ b/lapack-netlib/SRC/zlarrv.f
+@@ -351,7 +351,7 @@
+ *
+ * Quick return if possible
+ *
+- IF( N.LE.0 ) THEN
++ IF( (N.LE.0).OR.(M.LE.0) ) THEN
+ RETURN
+ END IF
+ *
+--
+2.33.1
+
diff --git a/SPECS/openblas.spec b/SPECS/openblas.spec
index bd3f757..200fb84 100644
--- a/SPECS/openblas.spec
+++ b/SPECS/openblas.spec
@@ -15,7 +15,7 @@
 
 Name: openblas
 Version: 0.3.15
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: An optimized BLAS library based on GotoBLAS2
 License: BSD
 URL: https://github.com/xianyi/OpenBLAS/
@@ -28,6 +28,8 @@ Patch1: openblas-0.2.5-libname.patch
 Patch2: openblas-0.2.15-constructor.patch
 # Supply the proper flags to the test makefile
 Patch3: openblas-0.3.11-tests.patch
+# Fix out of bounds read in ?llarv (Reference-LAPACK PR 625)
+Patch4: openblas-0.3.15-out-of-bounds-read.patch
 
 BuildRequires: make
 BuildRequires: gcc
@@ -241,6 +243,7 @@ cd OpenBLAS-%{version}
 %patch2 -p1 -b .constructor
 %endif
 %patch3 -p1 -b .tests
+%patch4 -p1 -b .out-of-bound-read
 
 # Fix source permissions
 find -name \*.f -exec chmod 644 {} \;
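Review bot: The new `M.LE.0` guard lands only in `lapack-netlib/SRC/zlarrv.f` (the embedded diffstat says `1 file changed`), yet the subject line uses the `?llarv` precision wildcard and CVE-2021-4048 is tracked against the full ?LARRV family, so unless slarrv.f, dlarrv.f and clarrv.f are patched elsewhere in this package the same unguarded quick-return path still exists for the real and complex-single variants and the advisory is only partly closed. If the upstream fix for those files is the same one-liner, it should be carried here too: `IF( (N.LE.0).OR.(M.LE.0) ) THEN` in place of `IF( N.LE.0 ) THEN` in each sibling. If instead this backport is deliberately limited to zlarrv.f, the `Subject:` and the spec comment should name that file rather than `?llarv` so a later auditor does not assume all four were fixed. The enclosing routine starts well before the quick-return block, so nothing else of ZLARRV is visible in this hunk; the note is limited to the early-exit condition.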
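Review bot: The backup suffix on the new `%patch4` line does not match the patch it applies: the file is `openblas-0.3.15-out-of-bounds-read.patch` but the suffix is `.out-of-bound-read`, so the `.orig` backups will be named differently from the patch and from the comment above `Patch4:`. Using `%patch4 -p1 -b .out-of-bounds-read` keeps the three consistent and makes the CVE backport easier to locate in the unpacked tree. The `%prep` section this hunk belongs to continues outside the hunk.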
@@ -646,6 +649,11 @@ rm -rf %{buildroot}%{_libdir}/pkgconfig
 %endif
 
 %changelog
+* Tue Jan 11 2022 Honza Horak - 0.3.15-3
+- Fix out of bounds read in ?llarv (Reference-LAPACK PR 625)
+  (CVE-2021-4048)
+  Resolves: #2029855
+
 * Mon Aug 09 2021 Mohan Boddu - 0.3.15-2
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
 Related: rhbz#1991688