diff --git a/debian/changelog b/debian/changelog
index eb7de09fb..a00b0f9ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -61,6 +61,7 @@ linux (4.0.8-1) UNRELEASED; urgency=medium
 [ Ben Hutchings ]
 * [ppc64el] Ignore ABI changes due to disabling HIBERNATION (fixes FTBFS)
+ * [x86] kvm: fix kvm_apic_has_events to check for NULL pointer (CVE-2015-4692)
 -- Ben Hutchings Fri, 10 Jul 2015 22:29:15 +0100
diff --git a/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch b/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
new file mode 100644
index 000000000..47de607da
--- /dev/null
+++ b/debian/patches/bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch
@@ -0,0 +1,24 @@
+From: Paolo Bonzini
+Date: Sat, 30 May 2015 14:31:24 +0200
+Subject: kvm: x86: fix kvm_apic_has_events to check for NULL pointer
+Origin: https://git.kernel.org/linus/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
+
+Malicious (or egregiously buggy) userspace can trigger it, but it
+should never happen in normal operation.
+
+Signed-off-by: Paolo Bonzini
+---
+ arch/x86/kvm/lapic.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct
+
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+- return vcpu->arch.apic->pending_events;
++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
diff --git a/debian/patches/series b/debian/patches/series
index 9f7d5e81c..ab67a7b25 100644
--- a/debian/patches/series
+++ b/debian/patches/series
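Review bot: The new `kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch` does not say what the guard in `kvm_apic_has_events()` protects against. Its header never names the CVE that the changelog entry cites, and the quoted commit message only says userspace "can trigger it", without stating the consequence. Consider mentioning CVE-2015-4692 in the patch description so the series can be audited without cross-referencing `debian/changelog`. If a comment is acceptable on a cherry-picked change, something like `/* apic is NULL for a vCPU without an in-kernel LAPIC */` above the `return` would record why `kvm_vcpu_has_lapic(vcpu)` must be evaluated first. The hunk shows only this one accessor; whether other inline helpers in `lapic.h` dereference `vcpu->arch.apic` without the same check cannot be judged from here and is worth confirming against the upstream tree.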
@@ -81,3 +81,4 @@ debian/revert-tcp-fix-child-sockets-to-use-system-default-c.patch
 debian/udp-fix-abi-change-in-4.0.6.patch
 bugfix/mips/mips-normalise-code-flow-in-the-cpu-exception-handle.patch
 bugfix/mips/mips-correct-fp-isa-requirements.patch
+bugfix/x86/kvm-x86-fix-kvm_apic_has_events-to-check-for-null-po.patch