diff --git a/0008-kubelet-fix-websocket-reference-nil-pointer.patch b/0008-kubelet-fix-websocket-reference-nil-pointer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9b5f477f5f314a9cacd128bed609cf46b24ed074
--- /dev/null
+++ b/0008-kubelet-fix-websocket-reference-nil-pointer.patch
@@ -0,0 +1,46 @@
+From 760129610e5b54d548247490899a8595cea2d5b8 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu
+Date: Mon, 31 Oct 2022 17:15:51 +0800
+Subject: [PATCH] kubelet fix websocket reference nul pointer
+
+Signed-off-by: zhangxiaoyu
+---
+ .../cri/streaming/remotecommand/proxy.go | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/pkg/kubelet/cri/streaming/remotecommand/proxy.go b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
+index 76222d90..f21629af 100644
+--- a/pkg/kubelet/cri/streaming/remotecommand/proxy.go
++++ b/pkg/kubelet/cri/streaming/remotecommand/proxy.go
+@@ -169,14 +169,23 @@ func connectBackend(addr, subprotocol string, r *http.Request) (*websocket.Conn,
+ websocket.DefaultDialer.ReadBufferSize = 128 * 1024
+ websocket.DefaultDialer.WriteBufferSize = 128 * 1024
+ ws, resp, err := websocket.DefaultDialer.Dial(addr, h)
+- if err != nil {
++ if err == nil {
++ return ws, nil
++ }
++ msg := fmt.Errorf("dial failed: %v, response Body is nil", err)
++ if resp != nil && resp.Body != nil {
++ defer func() {
++ //websocket buffer size maybe not enough and cause panic
++ if e := recover(); e != nil {
++ msg = fmt.Errorf("dial failed: %v, response panic %v", err, e)
++ }
++ resp.Body.Close()
++ }()
+ var body bytes.Buffer
+ body.ReadFrom(resp.Body)
+- defer resp.Body.Close()
+- msg := fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
+- return nil, msg
++ msg = fmt.Errorf("dial failed: %v, response is: %v", err, body.String())
+ }
+- return ws, nil
++ return nil, msg
+ }
+
+ type rwc struct {
+--
+2.25.1
+
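Review bot: The `recover()` branch in the deferred closure assigns `msg`, but when `body.ReadFrom(resp.Body)` panics the trailing `return nil, msg` never runs, and because the results of `connectBackend` are unnamed (the hunk header shows `(*websocket.Conn,`) the function then returns the zero values `nil, nil`. The caller would get a nil `*websocket.Conn` with no error, which looks like the very nil dereference this patch is meant to prevent, and in the kubelet streaming proxy that is an availability problem. Naming the results, e.g. `(conn *websocket.Conn, retErr error)`, and setting `conn, retErr = nil, fmt.Errorf("dial failed: %v, response panic %v", err, e)` in the recover branch makes the recovered path return an error; the signature itself lies outside the hunk. The error from `body.ReadFrom` is also discarded and the backend body is copied into the error string without a size cap, so reading through `io.LimitReader(resp.Body, <max bytes>)` would bound it. The comment would read better as `// ReadFrom can panic if the buffer cannot grow; convert the panic into an error`.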
diff --git a/kubernetes.spec b/kubernetes.spec index 475f7192fc17b684e710b5c884e3c522c6527b9c..c0b2ca657c664d382dd429dfdb79927bc5789eb6 100644 --- a/kubernetes.spec +++ b/kubernetes.spec @@ -3,7 +3,7 @@ Name: kubernetes Version: 1.20.2 -Release: 9 +Release: 10 Summary: Container cluster management License: ASL 2.0 URL: https://k8s.io/kubernetes @@ -31,6 +31,7 @@ Patch6003: 0004-fix-CVE-2021-25737.patch Patch6004: 0005-fix-CVE-2021-25741.patch Patch6005: 0006-kubelet-support-attach-websocket-protocol.patch Patch6006: 0007-Add-an-option-for-aggregator.patch +Patch6007: 0008-kubelet-fix-websocket-reference-nil-pointer.patch %description Container cluster management. @@ -262,6 +263,9 @@ getent passwd kube >/dev/null || useradd -r -g kube -d / -s /sbin/nologin \ %systemd_postun kubelet kube-proxy %changelog +* Mon Oct 31 2022 zhangxiaoyu - 1.20.2-10 +- DESC: kubelet fix websocket reference nul pointer + * Tue Sep 27 2022 zhongtao - 1.20.2-9 - DESC: fix CVE-2022-3172