diff --git a/debian/changelog b/debian/changelog
index 303d7f4ed..79197a0db 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -289,6 +289,7 @@ linux (4.17.5-1) UNRELEASED; urgency=medium tools for the host architecture - linux-image: Install symlinks to boot wrapper tools instead of the native tools built by kbuild + * fs: Fix up non-directory creation in SGID directories (CVE-2018-13405) -- Sjoerd Simons Wed, 04 Jul 2018 10:25:57 +0200
diff --git a/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch b/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
new file mode 100644
index 000000000..fbf626de7
--- /dev/null
+++ b/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
@@ -0,0 +1,42 @@
+From: Linus Torvalds
+Date: Tue, 3 Jul 2018 17:10:19 -0700
+Subject: Fix up non-directory creation in SGID directories
+Origin: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-13405
+
+sgid directories have special semantics, making newly created files in
+the directory belong to the group of the directory, and newly created
+subdirectories will also become sgid. This is historically used for
+group-shared directories.
+
+But group directories writable by non-group members should not imply
+that such non-group members can magically join the group, so make sure
+to clear the sgid bit on non-directories for non-members (but remember
+that sgid without group execute means "mandatory locking", just to
+confuse things even more).
+
+Reported-by: Jann Horn
+Cc: Andy Lutomirski
+Cc: Al Viro
+Signed-off-by: Linus Torvalds
+---
+ fs/inode.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -2014,8 +2014,14 @@ void inode_init_owner(struct inode *inod
+ inode->i_uid = current_fsuid();
+ if (dir && dir->i_mode & S_ISGID) {
+ inode->i_gid = dir->i_gid;
++
++ /* Directories are special, and always inherit S_ISGID */
+ if (S_ISDIR(mode))
+ mode |= S_ISGID;
++ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
++ !in_group_p(inode->i_gid) &&
++ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
++ mode &= ~S_ISGID;
+ } else
+ inode->i_gid = current_fsgid();
+ inode->i_mode = mode;
diff --git a/debian/patches/series b/debian/patches/series
index 64c6801fc..d6716d163 100644
--- a/debian/patches/series
+++ b/debian/patches/series
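Review bot: The new `else if` branch in the embedded fs/inode.c hunk has no comment, although its condition is the subtle part: S_ISGID is cleared only when S_IXGRP is also set, because (per the commit message) sgid without group execute means mandatory locking and is deliberately left alone. I would add a comment above the branch, for example `/* Non-member without CAP_FSETID: drop S_ISGID, but only when S_IXGRP is set (sgid without group-exec means mandatory locking) */`. The check lives only in inode_init_owner(), so it presumably covers only create paths that call this helper. A filesystem that sets i_gid and i_mode from an SGID parent by itself would need the same test, which is worth confirming when backporting. The function's signature is truncated in the hunk header and its body starts and ends outside the hunk.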
@@ -145,6 +145,7 @@ bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch +bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch