diff --git a/0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch b/0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cf8d365a43d3ded4163431956139987b012ca7b0
--- /dev/null
+++ b/0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch
@@ -0,0 +1,43 @@
+From a114dc3c9af48a8f8ed22e738944a9c3e830a088 Mon Sep 17 00:00:00 2001
+From: Shao Denghui <shaodenghui@huawei.com>
+Date: Mon, 20 Feb 2023 21:59:31 +0800
+Subject: [PATCH] [PATCH] Avoid dangling ptrs in header and data params for
+ PEM_read_bio_ex In the event of a failure in PEM_read_bio_ex() we free the
+ buffers we allocated for the header and data buffers. However we were not
+ clearing the ptrs stored in *header and *data. Since, on success, the caller
+ is responsible for freeing these ptrs this can potentially lead to a double
+ free if the caller frees them even on failure.
+
+Thanks to Dawei Wang for reporting this issue.
+
+Based on a proposed patch by Kurt Roeckx.
+
+CVE-2022-4450
+
+Reference: https://github.com/openssl/openssl/commit/ee6243f3947107d655f6dee96f63861561a5aaeb
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+Signed-off-by: Shao Denghui <shaodenghui@huawei.com>
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
+index 64baf71..6c7c4fe 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pem/pem_lib.c
+@@ -940,7 +940,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+     *data = pem_malloc(len, flags);
+     if (*header == NULL || *data == NULL) {
+         pem_free(*header, flags, 0);
++        *header = NULL;
+         pem_free(*data, flags, 0);
++        *data = NULL;
+         goto end;
+     }
+     BIO_read(headerB, *header, headerlen);
+-- 
+2.27.0
+
diff --git a/edk2.spec b/edk2.spec
index c1db95e78d4d48cc3dac7e535e82ac43b71c95b2..20a0796a9b7c6f4c6303ada3c6b2affdd2c4dcad 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -5,7 +5,7 @@
 
 Name: edk2
 Version: %{stable_date}
-Release: 11
+Release: 12
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent
 URL: https://github.com/tianocore/edk2
@@ -51,6 +51,7 @@ Patch0036: 0034-UefiCpuPkg-CpuMpPei-Enable-paging-and-set-NP-flag-to.patch
 Patch0037: 0035-SecurityPkg-TcgPei-Use-Migrated-FV-Info-Hob-for-calc.patch
 Patch0038: 0036-UefiCpuPkg-Move-MigrateGdt-from-DiscoverMemory-to-Te.patch
 Patch0039: 0037-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch
+Patch0040: 0038-PATCH-Avoid-dangling-ptrs-in-header-and-data-params-.patch
 
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python2
 
@@ -246,6 +247,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %changelog
+* Sun Feb 26 2023 shaodenghui<shaodenghui@huawei.com> - 202002-12
+- fix CVE-2022-4450
+
 * Tue Nov 29 2022 chenhuiying<chenhuiying4@huawei.com> - 202002-11
 - fix CVE-2021-38578