diff --git a/SOURCES/openblas-CVE-2021-4048.patch b/SOURCES/openblas-CVE-2021-4048.patch
new file mode 100644
index 0000000..696c75b
--- /dev/null
+++ b/SOURCES/openblas-CVE-2021-4048.patch
@@ -0,0 +1,107 @@
+From 2be5ee3cca97a597f2ee2118808a2d5eacea050c Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:17:21 +0200
+Subject: [PATCH 1/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/clarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/clarrv.f b/lapack-netlib/SRC/clarrv.f
+index a45f55ac..26a9febc 100644
+--- a/lapack-netlib/SRC/clarrv.f
++++ b/lapack-netlib/SRC/clarrv.f
+@@ -351,7 +351,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0) .OR. (M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From fe497efa0510466fd93578aaf9da1ad8ed4edbe7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:18:20 +0200
+Subject: [PATCH 2/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/dlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/dlarrv.f b/lapack-netlib/SRC/dlarrv.f
+index 4a59a2bb..a1c6e9c9 100644
+--- a/lapack-netlib/SRC/dlarrv.f
++++ b/lapack-netlib/SRC/dlarrv.f
+@@ -353,7 +353,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From ddb0ff5353637bb5f5ad060c9620e334c143e3d7 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:19:07 +0200
+Subject: [PATCH 3/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/slarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/slarrv.f b/lapack-netlib/SRC/slarrv.f
+index 04519fde..9448b2fd 100644
+--- a/lapack-netlib/SRC/slarrv.f
++++ b/lapack-netlib/SRC/slarrv.f
+@@ -353,7 +353,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
+
+From 337b65133df174796794871b3988cd03426e6d41 Mon Sep 17 00:00:00 2001
+From: Martin Kroeker <martin@ruby.chemie.uni-freiburg.de>
+Date: Fri, 1 Oct 2021 11:19:53 +0200
+Subject: [PATCH 4/4] Fix out of bounds read in ?llarv (Reference-LAPACK PR
+ 625)
+
+---
+ lapack-netlib/SRC/zlarrv.f | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lapack-netlib/SRC/zlarrv.f b/lapack-netlib/SRC/zlarrv.f
+index 23976dbe..8d10e3c2 100644
+--- a/lapack-netlib/SRC/zlarrv.f
++++ b/lapack-netlib/SRC/zlarrv.f
+@@ -351,7 +351,7 @@
+ *
+ *     Quick return if possible
+ *
+-      IF( N.LE.0 ) THEN
++      IF( (N.LE.0).OR.(M.LE.0) ) THEN
+          RETURN
+       END IF
+ *
+-- 
+2.34.1
+
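Review bot: The comment above the widened guard in clarrv.f, dlarrv.f, slarrv.f and zlarrv.f still reads only `Quick return if possible`, so the new `M.LE.0` test looks like an optimisation rather than the bounds check that the patch subject describes. Extending it to something like `*     Quick return if possible (M.LE.0 is a bounds guard, see CVE-2021-4048)` would keep a later cleanup from dropping the test. If the backport has to stay byte-identical to upstream, the same sentence can go in the patch header instead. Each routine's body starts and ends outside these inner hunks, so it is not visible here whether `INFO` is assigned before this `RETURN`. That is worth confirming in all four files, since callers presumably have no other signal that the output arrays were left unwritten.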
diff --git a/SPECS/openblas.spec b/SPECS/openblas.spec
index 6287bf4..b85cdbf 100644
--- a/SPECS/openblas.spec
+++ b/SPECS/openblas.spec
@@ -18,7 +18,7 @@
 
 Name:           openblas
 Version:        0.3.15
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        An optimized BLAS library based on GotoBLAS2
 Group:          Development/Libraries
 License:        BSD
@@ -37,6 +37,8 @@ Patch4:         openblas-0.3.15-asmflags.patch
 # Remove optimization pragmas on ppc64le
 Patch5:         openblas-0.3.15-power-optimize.patch
 
+Patch6:         openblas-CVE-2021-4048.patch
+
 BuildRequires:  scl-utils
 BuildRequires:  gcc-toolset-11-gcc
 BuildRequires:  gcc-toolset-11-gcc-gfortran
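Review bot: `Patch6` is declared without the one-line comment its neighbour carries (`# Remove optimization pragmas on ppc64le` above `Patch5`), so the spec does not say what the patch fixes or where it comes from. For a security backport that provenance matters at the next rebase, when someone has to decide whether the patch can be dropped. Suggest adding `# Fix out-of-bounds read in ?larrv (CVE-2021-4048), from Reference-LAPACK PR 625` directly above the `Patch6:` line; the PR reference is taken from the subject lines inside the patch file itself.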
@@ -238,6 +240,7 @@ cd OpenBLAS-%{version}
 %patch3 -p1 -b .noopt
 %patch4 -p1 -b .asmflags
 %patch5 -p1 -b .power-optimize
+%patch6 -p1 -b .cve-2021-4048
 
 # Fix source permissions
 find -name \*.f -exec chmod 644 {} \;
@@ -677,6 +680,10 @@ rm -rf %{buildroot}%{_libdir}/pkgconfig
 %endif
 
 %changelog
+* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 0.3.15-4
+- Fix out-of-bounds read in *larrv
+- Resolves: CVE-2021-4048
+
 * Fri Nov 12 2021 Nikola Forró <nforro@redhat.com> - 0.3.15-3
 - Fix missing header files in openblas-devel subpackage by enabling
   gcc-toolset-11 in %%install as well