diff --git a/debian/changelog b/debian/changelog
index 3639814be..86ddb53d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -274,6 +274,7 @@ linux (4.14.16-1) UNRELEASED; urgency=medium
   * loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
   * [rt] Update to 4.14.15-rt11
   * [rt] Update to 4.14.15-rt13
+  * crypto: ecc - Fix NULL pointer deref. on no default_rng (Closes: #886556)
 
   [ Ben Hutchings ]
   * bpf: Avoid ABI change in 4.14.14
diff --git a/debian/patches/bugfix/all/crypto-ecc-fix-null-pointer-deref.-on-no-default_rng.patch b/debian/patches/bugfix/all/crypto-ecc-fix-null-pointer-deref.-on-no-default_rng.patch
new file mode 100644
index 000000000..4538ab6e7
--- /dev/null
+++ b/debian/patches/bugfix/all/crypto-ecc-fix-null-pointer-deref.-on-no-default_rng.patch
@@ -0,0 +1,37 @@
+From: Pierre <pinaraf@pinaraf.info>
+Date: Sun, 12 Nov 2017 15:24:32 +0100
+Subject: crypto: ecc - Fix NULL pointer deref. on no default_rng
+Origin: https://git.kernel.org/linus/4c0e22c90510308433272d7ba281b1eb4eda8209
+Bug-Debian: https://bugs.debian.org/886556
+
+If crypto_get_default_rng returns an error, the
+function ecc_gen_privkey should return an error.
+Instead, it currently tries to use the default_rng
+nevertheless, thus creating a kernel panic with a
+NULL pointer dereference.
+Returning the error directly, as was supposedly
+intended when looking at the code, fixes this.
+
+Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
+Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ crypto/ecc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/ecc.c b/crypto/ecc.c
+index 633a9bcdc574..18f32f2a5e1c 100644
+--- a/crypto/ecc.c
++++ b/crypto/ecc.c
+@@ -964,7 +964,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
+ 	 * DRBG with a security strength of 256.
+ 	 */
+ 	if (crypto_get_default_rng())
+-		err = -EFAULT;
++		return -EFAULT;
+ 
+ 	err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
+ 	crypto_put_default_rng();
+-- 
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 8825ed677..a8864c4eb 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -82,6 +82,7 @@ bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
 bugfix/all/i40e-fix-flags-declaration.patch
 bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
 debian/revert-objtool-fix-config_stack_validation-y-warning.patch
+bugfix/all/crypto-ecc-fix-null-pointer-deref.-on-no-default_rng.patch
 
 # Miscellaneous features