diff --git a/kernel.spec b/kernel.spec index 93dcdfc4c..0cc7deb1d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -640,6 +640,8 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch #CVE-2015-8569 rhbz 1292045 1292047 Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch +Patch601: vrf-fix-memory-leak-on-registration.patch + # END OF PATCH DEFINITIONS %endif @@ -2083,6 +2085,9 @@ fi # # %changelog +* Thu Dec 17 2015 Justin M. Forbes +- Fix for memory leak in vrf + * Thu Dec 17 2015 Josh Boyer - CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047) diff --git a/vrf-fix-memory-leak-on-registration.patch b/vrf-fix-memory-leak-on-registration.patch new file mode 100644 index 000000000..86c3dff69 --- /dev/null +++ b/vrf-fix-memory-leak-on-registration.patch 
@@ -0,0 +1,42 @@
+From 5780068e17af44a98d432d31448bb18a99ce64dc Mon Sep 17 00:00:00 2001
+From: Ben Hutchings
+Date: Tue, 15 Dec 2015 15:12:43 +0000
+Subject: [PATCH] vrf: Fix memory leak on registration failure in vrf_newlink()
+
+The backported version of commit 7f109f7cc371 ("vrf: fix double free
+and memory corruption on register_netdevice failure") incorrectly
+removed a kfree() from the failure path as well as the free_netdev().
+Add that back.
+
+Signed-off-by: Ben Hutchings
+---
+ drivers/net/vrf.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c
+index c9e309c..6c25fd0 100644
+--- a/drivers/net/vrf.c
++++ b/drivers/net/vrf.c
+@@ -581,6 +581,7 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
+ {
+ struct net_vrf *vrf = netdev_priv(dev);
+ struct net_vrf_dev *vrf_ptr;
++ int err;
+
+ if (!data || !data[IFLA_VRF_TABLE])
+ return -EINVAL;
+@@ -598,7 +599,10 @@ static int vrf_newlink(struct net *src_net, struct net_device *dev,
+
+ rcu_assign_pointer(dev->vrf_ptr, vrf_ptr);
+
+- return register_netdev(dev);
++ err = register_netdev(dev);
++ if (err)
++ kfree(vrf_ptr);
++ return err;
+ }
+
+ static size_t vrf_nl_getsize(const struct net_device *dev)
+--
+2.5.0
+
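Review bot: The new failure branch in `vrf_newlink()` frees `vrf_ptr` but leaves `dev->vrf_ptr` pointing at it, because `rcu_assign_pointer(dev->vrf_ptr, vrf_ptr)` runs before `register_netdev(dev)` and nothing resets the pointer when registration fails. Any later read of `dev->vrf_ptr` on that device (teardown by the caller or an RCU reader, neither visible here) would touch freed memory, so the leak fix risks trading a leak for a use-after-free. Clearing the pointer first closes that: put `RCU_INIT_POINTER(dev->vrf_ptr, NULL);` ahead of `kfree(vrf_ptr);` and brace the two statements. Publishing the pointer only after `register_netdev()` succeeds would be cleaner, if the registration path does not need it. The allocation of `vrf_ptr` sits between the two inner hunks and is not shown, so the rest of the error handling cannot be checked from this patch.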