diff --git a/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch b/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch
new file mode 100644
index 0000000..a521381
--- /dev/null
+++ b/patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch
@@ -0,0 +1,114 @@
+From e43deaf4ad5e60dd95142bbfc703a83169b45946 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet
+Date: Wed, 24 Mar 2021 14:53:37 -0700
+Subject: [PATCH] inet: use bigger hash table for IP ID generation
+Patch-mainline: v5.13-rc1
+Git-commit: aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba
+References: CVE-2021-45486 bsc#1194087
+
+In commit 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
+I used a very small hash table that could be abused
+by patient attackers to reveal sensitive information.
+
+Switch to a dynamic sizing, depending on RAM size.
+
+Typical big hosts will now use 128x more storage (2 MB)
+to get a similar increase in security and reduction
+of hash collisions.
+
+As a bonus, use of alloc_large_system_hash() spreads
+allocated memory among all NUMA nodes.
+
+Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count")
+Reported-by: Amit Klein
+Signed-off-by: Eric Dumazet
+Cc: Willy Tarreau
+Signed-off-by: David S. Miller
+Signed-off-by: Denis Kirjanov
+---
+ net/ipv4/route.c | 42 ++++++++++++++++++++++++++++--------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 8d9835ea0b97..d38a7a6f6d5d 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -66,6 +66,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -476,8 +477,10 @@ static void ipv4_confirm_neigh(const struct dst_entry *dst, const void *daddr)
+ __ipv4_confirm_neigh(dev, *(__force u32 *)pkey);
+ }
+ 
+-#define IP_IDENTS_SZ 2048u
+-
++/* Hash tables of size 2048..262144 depending on RAM size.
++ * Each bucket uses 8 bytes.
++ */
++static u32 ip_idents_mask __read_mostly;
+ static atomic_t *ip_idents __read_mostly;
+ static u32 *ip_tstamps __read_mostly;
+ 
+@@ -487,12 +490,16 @@ static u32 *ip_tstamps __read_mostly;
+ */
+ u32 ip_idents_reserve(u32 hash, int segs)
+ {
+- u32 *p_tstamp = ip_tstamps + hash % IP_IDENTS_SZ;
+- atomic_t *p_id = ip_idents + hash % IP_IDENTS_SZ;
+- u32 old = READ_ONCE(*p_tstamp);
+- u32 now = (u32)jiffies;
++ u32 bucket, old, now = (u32)jiffies;
++ atomic_t *p_id;
++ u32 *p_tstamp;
+ u32 delta = 0;
+ 
++ bucket = hash & ip_idents_mask;
++ p_tstamp = ip_tstamps + bucket;
++ p_id = ip_idents + bucket;
++ old = READ_ONCE(*p_tstamp);
++
+ if (old != now && cmpxchg(p_tstamp, old, now) == old)
+ delta = prandom_u32_max(now - old);
+ 
+@@ -3511,18 +3518,25 @@ struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
+ 
+ int __init ip_rt_init(void)
+ {
++ void *idents_hash;
+ int cpu;
+ 
+- ip_idents = kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents),
+- GFP_KERNEL);
+- if (!ip_idents)
+- panic("IP: failed to allocate ip_idents\n");
++ /* For modern hosts, this will use 2 MB of memory */
++ idents_hash = alloc_large_system_hash("IP idents",
++ sizeof(*ip_idents) + sizeof(*ip_tstamps),
++ 0,
++ 16, /* one bucket per 64 KB */
++ HASH_ZERO,
++ NULL,
++ &ip_idents_mask,
++ 2048,
++ 256*1024);
++
++ ip_idents = idents_hash;
+ 
+- prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));
++ prandom_bytes(ip_idents, (ip_idents_mask + 1) * sizeof(*ip_idents));
+ 
+- ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
+- if (!ip_tstamps)
+- panic("IP: failed to allocate ip_tstamps\n");
++ ip_tstamps = idents_hash + (ip_idents_mask + 1) * sizeof(*ip_idents);
+ 
+ for_each_possible_cpu(cpu) {
+ struct uncached_list *ul = &per_cpu(rt_uncached_list, cpu);
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 294202a..99efadf 100644
--- a/series.conf
+++ b/series.conf
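Review bot: The two explicit allocation-failure checks removed in the ip_rt_init() hunk (`if (!ip_idents) panic(...)` and `if (!ip_tstamps) panic(...)`) are not replaced by any check on `idents_hash`, so the backport now depends on this tree's alloc_large_system_hash() panicking on failure itself and on it honouring HASH_ZERO, which is what keeps ip_tstamps zero-initialised as the old kcalloc() did; both should be confirmed against the target tree's version of the helper rather than assumed from mainline. A one-line comment on the `ip_tstamps =` assignment would make that dependency explicit: `/* ip_tstamps shares the HASH_ZERO block with ip_idents, so it starts zeroed as kcalloc() did */`. The same hunk drops the IP_IDENTS_SZ macro, so any remaining user of it elsewhere in this tree would now fail to build and is worth a grep when applying the backport. ip_rt_init()'s body continues past the end of the hunk.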
@@ -49956,6 +49956,7 @@
 patches.suse/ionic-block-actions-during-fw-reset.patch
 patches.suse/ionic-stop-watchdog-when-in-broken-state.patch
 patches.suse/ionic-protect-adminq-from-early-destroy.patch
+ patches.suse/inet-use-bigger-hash-table-for-IP-ID-generation.patch
 patches.suse/libbpf-Add-explicit-padding-to-bpf_xdp_set_link_opts.patch
 patches.suse/selftests-bpf-Re-generate-vmlinux.h-and-BPF-skeleton.patch
 patches.suse/libbpf-Add-explicit-padding-to-btf_dump_emit_type_de.patch