diff --git a/debian/changelog b/debian/changelog
index 4a066b0f2..7221d92c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -197,6 +197,7 @@ linux (4.9.9-1) UNRELEASED; urgency=medium
 [ Salvatore Bonaccorso ]
 * IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
 * selinux: fix off-by-one in setprocattr (CVE-2017-2618)
+ * ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
 -- Ben Hutchings Fri, 27 Jan 2017 18:14:31 +0000
diff --git a/debian/patches/bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch b/debian/patches/bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch
new file mode 100644
index 000000000..cb1c8ad2b
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch
@@ -0,0 +1,47 @@
+From: Eric Dumazet
+Date: Sat, 4 Feb 2017 11:16:52 -0800
+Subject: ipv4: keep skb->dst around in presence of IP options
+Origin: https://git.kernel.org/linus/34b2cef20f19c87999fff3da4071e66937db9644
+
+Andrey Konovalov got crashes in __ip_options_echo() when a NULL skb->dst
+is accessed.
+
+ipv4_pktinfo_prepare() should not drop the dst if (evil) IP options
+are present.
+
+We could refine the test to the presence of ts_needtime or srr,
+but IP options are not often used, so let's be conservative.
+
+Thanks to syzkaller team for finding this bug.
+
+Fixes: d826eb14ecef ("ipv4: PKTINFO doesnt need dst reference")
+Signed-off-by: Eric Dumazet
+Reported-by: Andrey Konovalov
+Signed-off-by: David S. Miller
+---
+ net/ipv4/ip_sockglue.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
+index 53ae0c6..9000117 100644
+--- a/net/ipv4/ip_sockglue.c
++++ b/net/ipv4/ip_sockglue.c
+@@ -1238,7 +1238,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb)
+ pktinfo->ipi_ifindex = 0;
+ pktinfo->ipi_spec_dst.s_addr = 0;
+ }
+- skb_dst_drop(skb);
++ /* We need to keep the dst for __ip_options_echo()
++ * We could restrict the test to opt.ts_needtime || opt.srr,
++ * but the following is good enough as IP options are not often used.
++ */
++ if (unlikely(IPCB(skb)->opt.optlen))
++ skb_dst_force(skb);
++ else
++ skb_dst_drop(skb);
+ }
+
+ int ip_setsockopt(struct sock *sk, int level,
+--
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index dfab2f599..cbd1721ac 100644
--- a/debian/patches/series
+++ b/debian/patches/series
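Review bot: The dst is preserved only here, at the producer, while __ip_options_echo(), which the commit message names as the crash site, is outside this hunk and is not shown to tolerate a NULL skb->dst; any other path that drops the dst from an skb carrying options would presumably hit the same dereference. For the backport it is worth confirming that no other caller on this kernel version reaches that function with the dst already dropped. The in-code comment should also say what fails and why a reference is taken, for example `/* Keep the dst, and take a reference if it is noref, when IP options are present: __ip_options_echo() dereferences skb->dst and crashes if it is NULL. */`. ipv4_pktinfo_prepare() starts above the embedded hunk, so the state of IPCB(skb) at this point cannot be checked from here.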
@@ -106,6 +106,7 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 bugfix/all/IB-rxe-Fix-mem_check_range-integer-overflow.patch
 bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch
+bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch
 # Fix exported symbol versions
 bugfix/ia64/revert-ia64-move-exports-to-definitions.patch